cobaltstrike | 366742001ab90032f408b5cf250ec2fbd1e669d949b8c6c336b84f4a62777faa

Analysis

max time kernel
116s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4d00085fe94a49cbfc683cca1e8debde
SHA1

d0ddcb56c6143391b1d5c3a8be0c4cde92fb2ed7
SHA256

366742001ab90032f408b5cf250ec2fbd1e669d949b8c6c336b84f4a62777faa
SHA512

2a1b8b1382e7327069991cbb997bbf0fdda1d156e69073f694efc01edb4b6d52eff20671256be1106c12973294b155a3bc71004b8c9269cb777bf072e3ebfa02
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000b000000023b89-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-22.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b92-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b94-54.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b96-66.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b8a-79.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b98-90.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-108.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9d-112.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9e-120.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9f-126.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb7-145.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbc-152.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc4-179.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bc2-177.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbe-169.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbd-161.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc8-190.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc9-195.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bca-200.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc7-186.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bae-142.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba7-137.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9b-102.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-97.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b97-74.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b95-59.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b93-48.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-36.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4416-0-0x00007FF7EDF60000-0x00007FF7EE2B4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b89-4.dat	xmrig
behavioral2/files/0x000a000000023b8d-10.dat	xmrig
behavioral2/memory/5036-14-0x00007FF6684C0000-0x00007FF668814000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8e-11.dat	xmrig
behavioral2/files/0x000a000000023b8f-22.dat	xmrig
behavioral2/memory/4476-26-0x00007FF711F90000-0x00007FF7122E4000-memory.dmp	xmrig
behavioral2/memory/2140-32-0x00007FF76BE90000-0x00007FF76C1E4000-memory.dmp	xmrig
behavioral2/memory/3372-37-0x00007FF74F520000-0x00007FF74F874000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b92-41.dat	xmrig
behavioral2/memory/1692-44-0x00007FF76F5A0000-0x00007FF76F8F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b94-54.dat	xmrig
behavioral2/memory/212-56-0x00007FF72A7F0000-0x00007FF72AB44000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b96-66.dat	xmrig
behavioral2/memory/1376-70-0x00007FF745AC0000-0x00007FF745E14000-memory.dmp	xmrig
behavioral2/memory/3436-69-0x00007FF60E4F0000-0x00007FF60E844000-memory.dmp	xmrig
behavioral2/memory/1036-63-0x00007FF71EB30000-0x00007FF71EE84000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b8a-79.dat	xmrig
behavioral2/memory/1728-89-0x00007FF71AE00000-0x00007FF71B154000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b98-90.dat	xmrig
behavioral2/files/0x000a000000023b9c-108.dat	xmrig
behavioral2/files/0x000b000000023b9d-112.dat	xmrig
behavioral2/files/0x000b000000023b9e-120.dat	xmrig
behavioral2/files/0x000b000000023b9f-126.dat	xmrig
behavioral2/memory/1820-129-0x00007FF722A60000-0x00007FF722DB4000-memory.dmp	xmrig
behavioral2/memory/2416-134-0x00007FF693540000-0x00007FF693894000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bb7-145.dat	xmrig
behavioral2/files/0x0009000000023bbc-152.dat	xmrig
behavioral2/memory/1940-166-0x00007FF783A50000-0x00007FF783DA4000-memory.dmp	xmrig
behavioral2/memory/1612-172-0x00007FF62F010000-0x00007FF62F364000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bc4-179.dat	xmrig
behavioral2/files/0x000e000000023bc2-177.dat	xmrig
behavioral2/memory/1728-176-0x00007FF71AE00000-0x00007FF71B154000-memory.dmp	xmrig
behavioral2/memory/348-175-0x00007FF727BE0000-0x00007FF727F34000-memory.dmp	xmrig
behavioral2/memory/1604-174-0x00007FF78DE30000-0x00007FF78E184000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bbe-169.dat	xmrig
behavioral2/files/0x0009000000023bbd-161.dat	xmrig
behavioral2/memory/3500-156-0x00007FF78CFF0000-0x00007FF78D344000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bc8-190.dat	xmrig
behavioral2/files/0x0008000000023bc9-195.dat	xmrig
behavioral2/files/0x0008000000023bca-200.dat	xmrig
behavioral2/files/0x0008000000023bc7-186.dat	xmrig
behavioral2/memory/3716-185-0x00007FF70A390000-0x00007FF70A6E4000-memory.dmp	xmrig
behavioral2/memory/4920-184-0x00007FF6495C0000-0x00007FF649914000-memory.dmp	xmrig
behavioral2/memory/4800-154-0x00007FF6D4FD0000-0x00007FF6D5324000-memory.dmp	xmrig
behavioral2/memory/2744-153-0x00007FF7EA6E0000-0x00007FF7EAA34000-memory.dmp	xmrig
behavioral2/memory/1412-226-0x00007FF719B20000-0x00007FF719E74000-memory.dmp	xmrig
behavioral2/memory/3596-147-0x00007FF6427D0000-0x00007FF642B24000-memory.dmp	xmrig
behavioral2/memory/812-279-0x00007FF730270000-0x00007FF7305C4000-memory.dmp	xmrig
behavioral2/files/0x000e000000023bae-142.dat	xmrig
behavioral2/memory/1940-523-0x00007FF783A50000-0x00007FF783DA4000-memory.dmp	xmrig
behavioral2/memory/1612-586-0x00007FF62F010000-0x00007FF62F364000-memory.dmp	xmrig
behavioral2/memory/1604-647-0x00007FF78DE30000-0x00007FF78E184000-memory.dmp	xmrig
behavioral2/memory/348-668-0x00007FF727BE0000-0x00007FF727F34000-memory.dmp	xmrig
behavioral2/memory/3500-522-0x00007FF78CFF0000-0x00007FF78D344000-memory.dmp	xmrig
behavioral2/memory/3716-684-0x00007FF70A390000-0x00007FF70A6E4000-memory.dmp	xmrig
behavioral2/memory/4584-140-0x00007FF746E80000-0x00007FF7471D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba7-137.dat	xmrig
behavioral2/memory/212-135-0x00007FF72A7F0000-0x00007FF72AB44000-memory.dmp	xmrig
behavioral2/memory/5036-2253-0x00007FF6684C0000-0x00007FF668814000-memory.dmp	xmrig
behavioral2/memory/2948-2254-0x00007FF703C80000-0x00007FF703FD4000-memory.dmp	xmrig
behavioral2/memory/4476-2255-0x00007FF711F90000-0x00007FF7122E4000-memory.dmp	xmrig
behavioral2/memory/2140-2256-0x00007FF76BE90000-0x00007FF76C1E4000-memory.dmp	xmrig
behavioral2/memory/3372-2257-0x00007FF74F520000-0x00007FF74F874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3436	SxyisjO.exe
5036	vZLlzwh.exe
2948	VAIYWOw.exe
4476	KIMTocW.exe
2140	nvwKSkB.exe
3372	dngmDhr.exe
1692	sOqQtnY.exe
2488	GjJenrz.exe
212	uIWQMAZ.exe
1036	mrUUMlt.exe
1376	nNEAnxh.exe
3660	XjBQVQU.exe
1336	ItcQFyo.exe
1728	SEeHWJi.exe
4920	FAvEPby.exe
1412	KREhcYV.exe
812	pkRqYFA.exe
1820	eaIKEjy.exe
2416	JdNPYlr.exe
4584	wABODTT.exe
3596	xjQDODG.exe
2744	DbUhKCq.exe
4800	kaVJUFL.exe
3500	pNjSBWo.exe
1940	XOariHO.exe
1612	mcIZoCA.exe
348	qhevqzl.exe
1604	RftweSd.exe
3716	lSFznaj.exe
3644	DNloTeX.exe
3740	PpxQwfm.exe
2120	DGHtKRz.exe
3444	ZDLLujj.exe
864	iXznDjp.exe
4752	WALtdVi.exe
4392	xkDVeZw.exe
4556	GVkYNRU.exe
2700	oodtaZZ.exe
4400	cnBgwLl.exe
2816	ffcncxM.exe
4744	fcJMEvs.exe
4364	rfiPAyu.exe
3288	TXEPbki.exe
756	hPYBCeT.exe
4832	Ugowrox.exe
2008	HpMmFFB.exe
4388	JBhGesi.exe
1624	TIRYePC.exe
2928	llkbGEg.exe
2832	cVLwnih.exe
2276	rccFOOF.exe
4852	YRypJQl.exe
1752	TViGMKx.exe
4760	mQyMwPm.exe
2740	pwGHPdX.exe
1452	uUZjsbY.exe
3060	vaRUvVy.exe
5028	NDrRIsj.exe
1568	wETauPt.exe
2200	tnIedyZ.exe
448	YUHXUgY.exe
2520	sIhijCR.exe
1068	zpUxiSt.exe
224	bFOuqRo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4416-0-0x00007FF7EDF60000-0x00007FF7EE2B4000-memory.dmp	upx
behavioral2/files/0x000b000000023b89-4.dat	upx
behavioral2/files/0x000a000000023b8d-10.dat	upx
behavioral2/memory/5036-14-0x00007FF6684C0000-0x00007FF668814000-memory.dmp	upx
behavioral2/files/0x000a000000023b8e-11.dat	upx
behavioral2/files/0x000a000000023b8f-22.dat	upx
behavioral2/memory/4476-26-0x00007FF711F90000-0x00007FF7122E4000-memory.dmp	upx
behavioral2/memory/2140-32-0x00007FF76BE90000-0x00007FF76C1E4000-memory.dmp	upx
behavioral2/memory/3372-37-0x00007FF74F520000-0x00007FF74F874000-memory.dmp	upx
behavioral2/files/0x000a000000023b92-41.dat	upx
behavioral2/memory/1692-44-0x00007FF76F5A0000-0x00007FF76F8F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-54.dat	upx
behavioral2/memory/212-56-0x00007FF72A7F0000-0x00007FF72AB44000-memory.dmp	upx
behavioral2/files/0x000a000000023b96-66.dat	upx
behavioral2/memory/1376-70-0x00007FF745AC0000-0x00007FF745E14000-memory.dmp	upx
behavioral2/memory/3436-69-0x00007FF60E4F0000-0x00007FF60E844000-memory.dmp	upx
behavioral2/memory/1036-63-0x00007FF71EB30000-0x00007FF71EE84000-memory.dmp	upx
behavioral2/files/0x000b000000023b8a-79.dat	upx
behavioral2/memory/1728-89-0x00007FF71AE00000-0x00007FF71B154000-memory.dmp	upx
behavioral2/files/0x000a000000023b98-90.dat	upx
behavioral2/files/0x000a000000023b9c-108.dat	upx
behavioral2/files/0x000b000000023b9d-112.dat	upx
behavioral2/files/0x000b000000023b9e-120.dat	upx
behavioral2/files/0x000b000000023b9f-126.dat	upx
behavioral2/memory/1820-129-0x00007FF722A60000-0x00007FF722DB4000-memory.dmp	upx
behavioral2/memory/2416-134-0x00007FF693540000-0x00007FF693894000-memory.dmp	upx
behavioral2/files/0x0008000000023bb7-145.dat	upx
behavioral2/files/0x0009000000023bbc-152.dat	upx
behavioral2/memory/1940-166-0x00007FF783A50000-0x00007FF783DA4000-memory.dmp	upx
behavioral2/memory/1612-172-0x00007FF62F010000-0x00007FF62F364000-memory.dmp	upx
behavioral2/files/0x0008000000023bc4-179.dat	upx
behavioral2/files/0x000e000000023bc2-177.dat	upx
behavioral2/memory/1728-176-0x00007FF71AE00000-0x00007FF71B154000-memory.dmp	upx
behavioral2/memory/348-175-0x00007FF727BE0000-0x00007FF727F34000-memory.dmp	upx
behavioral2/memory/1604-174-0x00007FF78DE30000-0x00007FF78E184000-memory.dmp	upx
behavioral2/files/0x0009000000023bbe-169.dat	upx
behavioral2/files/0x0009000000023bbd-161.dat	upx
behavioral2/memory/3500-156-0x00007FF78CFF0000-0x00007FF78D344000-memory.dmp	upx
behavioral2/files/0x0008000000023bc8-190.dat	upx
behavioral2/files/0x0008000000023bc9-195.dat	upx
behavioral2/files/0x0008000000023bca-200.dat	upx
behavioral2/files/0x0008000000023bc7-186.dat	upx
behavioral2/memory/3716-185-0x00007FF70A390000-0x00007FF70A6E4000-memory.dmp	upx
behavioral2/memory/4920-184-0x00007FF6495C0000-0x00007FF649914000-memory.dmp	upx
behavioral2/memory/4800-154-0x00007FF6D4FD0000-0x00007FF6D5324000-memory.dmp	upx
behavioral2/memory/2744-153-0x00007FF7EA6E0000-0x00007FF7EAA34000-memory.dmp	upx
behavioral2/memory/1412-226-0x00007FF719B20000-0x00007FF719E74000-memory.dmp	upx
behavioral2/memory/3596-147-0x00007FF6427D0000-0x00007FF642B24000-memory.dmp	upx
behavioral2/memory/812-279-0x00007FF730270000-0x00007FF7305C4000-memory.dmp	upx
behavioral2/files/0x000e000000023bae-142.dat	upx
behavioral2/memory/1940-523-0x00007FF783A50000-0x00007FF783DA4000-memory.dmp	upx
behavioral2/memory/1612-586-0x00007FF62F010000-0x00007FF62F364000-memory.dmp	upx
behavioral2/memory/1604-647-0x00007FF78DE30000-0x00007FF78E184000-memory.dmp	upx
behavioral2/memory/348-668-0x00007FF727BE0000-0x00007FF727F34000-memory.dmp	upx
behavioral2/memory/3500-522-0x00007FF78CFF0000-0x00007FF78D344000-memory.dmp	upx
behavioral2/memory/3716-684-0x00007FF70A390000-0x00007FF70A6E4000-memory.dmp	upx
behavioral2/memory/4584-140-0x00007FF746E80000-0x00007FF7471D4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-137.dat	upx
behavioral2/memory/212-135-0x00007FF72A7F0000-0x00007FF72AB44000-memory.dmp	upx
behavioral2/memory/5036-2253-0x00007FF6684C0000-0x00007FF668814000-memory.dmp	upx
behavioral2/memory/2948-2254-0x00007FF703C80000-0x00007FF703FD4000-memory.dmp	upx
behavioral2/memory/4476-2255-0x00007FF711F90000-0x00007FF7122E4000-memory.dmp	upx
behavioral2/memory/2140-2256-0x00007FF76BE90000-0x00007FF76C1E4000-memory.dmp	upx
behavioral2/memory/3372-2257-0x00007FF74F520000-0x00007FF74F874000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TipAWyL.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kedwmtF.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFVaggY.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTmynFD.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxyisjO.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjaaDjo.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEgcDRy.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gosEjRN.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnrFakB.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyNBUcI.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzZGeOk.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNjSBWo.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyUvkBF.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UROTxvA.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvIxwlL.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etRUtRm.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJXwIuq.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRcwUud.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNEAnxh.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wutmsEc.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjGKvEM.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpTUcXb.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBPAngy.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNLWdIA.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faZUyog.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReCmFNG.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\floDeXo.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgTiXLS.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcPtCSJ.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBmFEjR.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaIKEjy.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkDVeZw.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJNrONJ.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqrmdrT.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjcLXoE.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWCXAof.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APTmuuV.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYQOpyk.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxucxHm.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XigWrTU.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azMfFjj.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtrWHyF.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyaTOeR.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZvwvZp.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afeIcKP.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUyuGpo.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTVRLCs.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZguqVa.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQjJtcX.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtLQqBK.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErJbOHP.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvuHQsc.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UltWxxt.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZLlzwh.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBmGSyj.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqCrrVg.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbllBpu.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIRYePC.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrcCnQP.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukLbqjs.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdvpvmE.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDsxEHw.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrApLyL.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvBePwc.exe	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 3436	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4416 wrote to memory of 3436	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4416 wrote to memory of 5036	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4416 wrote to memory of 5036	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4416 wrote to memory of 2948	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4416 wrote to memory of 2948	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4416 wrote to memory of 4476	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4416 wrote to memory of 4476	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4416 wrote to memory of 2140	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4416 wrote to memory of 2140	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4416 wrote to memory of 3372	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4416 wrote to memory of 3372	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4416 wrote to memory of 1692	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4416 wrote to memory of 1692	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4416 wrote to memory of 2488	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4416 wrote to memory of 2488	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4416 wrote to memory of 212	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4416 wrote to memory of 212	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4416 wrote to memory of 1036	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4416 wrote to memory of 1036	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4416 wrote to memory of 1376	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4416 wrote to memory of 1376	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4416 wrote to memory of 3660	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4416 wrote to memory of 3660	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4416 wrote to memory of 1336	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4416 wrote to memory of 1336	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4416 wrote to memory of 1728	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4416 wrote to memory of 1728	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4416 wrote to memory of 4920	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4416 wrote to memory of 4920	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4416 wrote to memory of 1412	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4416 wrote to memory of 1412	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4416 wrote to memory of 812	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4416 wrote to memory of 812	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4416 wrote to memory of 1820	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4416 wrote to memory of 1820	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4416 wrote to memory of 2416	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4416 wrote to memory of 2416	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4416 wrote to memory of 4584	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4416 wrote to memory of 4584	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4416 wrote to memory of 3596	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4416 wrote to memory of 3596	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4416 wrote to memory of 2744	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4416 wrote to memory of 2744	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4416 wrote to memory of 4800	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4416 wrote to memory of 4800	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4416 wrote to memory of 3500	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4416 wrote to memory of 3500	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4416 wrote to memory of 1940	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4416 wrote to memory of 1940	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4416 wrote to memory of 1612	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4416 wrote to memory of 1612	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4416 wrote to memory of 348	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4416 wrote to memory of 348	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4416 wrote to memory of 1604	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4416 wrote to memory of 1604	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4416 wrote to memory of 3716	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4416 wrote to memory of 3716	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4416 wrote to memory of 3644	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4416 wrote to memory of 3644	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4416 wrote to memory of 3740	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4416 wrote to memory of 3740	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4416 wrote to memory of 2120	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4416 wrote to memory of 2120	4416	2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\4004788741\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\4004788741\zmstage.exe
1⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_4d00085fe94a49cbfc683cca1e8debde_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\System\SxyisjO.exe
  C:\Windows\System\SxyisjO.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\vZLlzwh.exe
  C:\Windows\System\vZLlzwh.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\VAIYWOw.exe
  C:\Windows\System\VAIYWOw.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\KIMTocW.exe
  C:\Windows\System\KIMTocW.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\nvwKSkB.exe
  C:\Windows\System\nvwKSkB.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\dngmDhr.exe
  C:\Windows\System\dngmDhr.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\sOqQtnY.exe
  C:\Windows\System\sOqQtnY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\GjJenrz.exe
  C:\Windows\System\GjJenrz.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\uIWQMAZ.exe
  C:\Windows\System\uIWQMAZ.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\mrUUMlt.exe
  C:\Windows\System\mrUUMlt.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\nNEAnxh.exe
  C:\Windows\System\nNEAnxh.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\XjBQVQU.exe
  C:\Windows\System\XjBQVQU.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\ItcQFyo.exe
  C:\Windows\System\ItcQFyo.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\SEeHWJi.exe
  C:\Windows\System\SEeHWJi.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\FAvEPby.exe
  C:\Windows\System\FAvEPby.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\KREhcYV.exe
  C:\Windows\System\KREhcYV.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\pkRqYFA.exe
  C:\Windows\System\pkRqYFA.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\eaIKEjy.exe
  C:\Windows\System\eaIKEjy.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\JdNPYlr.exe
  C:\Windows\System\JdNPYlr.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\wABODTT.exe
  C:\Windows\System\wABODTT.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\xjQDODG.exe
  C:\Windows\System\xjQDODG.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\DbUhKCq.exe
  C:\Windows\System\DbUhKCq.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\kaVJUFL.exe
  C:\Windows\System\kaVJUFL.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\pNjSBWo.exe
  C:\Windows\System\pNjSBWo.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\XOariHO.exe
  C:\Windows\System\XOariHO.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\mcIZoCA.exe
  C:\Windows\System\mcIZoCA.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\qhevqzl.exe
  C:\Windows\System\qhevqzl.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\RftweSd.exe
  C:\Windows\System\RftweSd.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\lSFznaj.exe
  C:\Windows\System\lSFznaj.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\DNloTeX.exe
  C:\Windows\System\DNloTeX.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\PpxQwfm.exe
  C:\Windows\System\PpxQwfm.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\DGHtKRz.exe
  C:\Windows\System\DGHtKRz.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ZDLLujj.exe
  C:\Windows\System\ZDLLujj.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\iXznDjp.exe
  C:\Windows\System\iXznDjp.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\WALtdVi.exe
  C:\Windows\System\WALtdVi.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\xkDVeZw.exe
  C:\Windows\System\xkDVeZw.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\GVkYNRU.exe
  C:\Windows\System\GVkYNRU.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\oodtaZZ.exe
  C:\Windows\System\oodtaZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\cnBgwLl.exe
  C:\Windows\System\cnBgwLl.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\ffcncxM.exe
  C:\Windows\System\ffcncxM.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\fcJMEvs.exe
  C:\Windows\System\fcJMEvs.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\rfiPAyu.exe
  C:\Windows\System\rfiPAyu.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\TXEPbki.exe
  C:\Windows\System\TXEPbki.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\hPYBCeT.exe
  C:\Windows\System\hPYBCeT.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\Ugowrox.exe
  C:\Windows\System\Ugowrox.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\HpMmFFB.exe
  C:\Windows\System\HpMmFFB.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\JBhGesi.exe
  C:\Windows\System\JBhGesi.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\TIRYePC.exe
  C:\Windows\System\TIRYePC.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\llkbGEg.exe
  C:\Windows\System\llkbGEg.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\cVLwnih.exe
  C:\Windows\System\cVLwnih.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\rccFOOF.exe
  C:\Windows\System\rccFOOF.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\YRypJQl.exe
  C:\Windows\System\YRypJQl.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\TViGMKx.exe
  C:\Windows\System\TViGMKx.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\mQyMwPm.exe
  C:\Windows\System\mQyMwPm.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\pwGHPdX.exe
  C:\Windows\System\pwGHPdX.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\uUZjsbY.exe
  C:\Windows\System\uUZjsbY.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\vaRUvVy.exe
  C:\Windows\System\vaRUvVy.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\NDrRIsj.exe
  C:\Windows\System\NDrRIsj.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\wETauPt.exe
  C:\Windows\System\wETauPt.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\tnIedyZ.exe
  C:\Windows\System\tnIedyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\YUHXUgY.exe
  C:\Windows\System\YUHXUgY.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\sIhijCR.exe
  C:\Windows\System\sIhijCR.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\zpUxiSt.exe
  C:\Windows\System\zpUxiSt.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\bFOuqRo.exe
  C:\Windows\System\bFOuqRo.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\FEchcYO.exe
  C:\Windows\System\FEchcYO.exe
  2⤵
  PID:2752
- C:\Windows\System\VdkbpiN.exe
  C:\Windows\System\VdkbpiN.exe
  2⤵
  PID:1972
- C:\Windows\System\EREsfWE.exe
  C:\Windows\System\EREsfWE.exe
  2⤵
  PID:548
- C:\Windows\System\JEygkfQ.exe
  C:\Windows\System\JEygkfQ.exe
  2⤵
  PID:2368
- C:\Windows\System\kDRGWav.exe
  C:\Windows\System\kDRGWav.exe
  2⤵
  PID:4572
- C:\Windows\System\lFNksdl.exe
  C:\Windows\System\lFNksdl.exe
  2⤵
  PID:408
- C:\Windows\System\RimEeuu.exe
  C:\Windows\System\RimEeuu.exe
  2⤵
  PID:3516
- C:\Windows\System\GrgvmtP.exe
  C:\Windows\System\GrgvmtP.exe
  2⤵
  PID:2564
- C:\Windows\System\bdVeotb.exe
  C:\Windows\System\bdVeotb.exe
  2⤵
  PID:1204
- C:\Windows\System\QOzdmRg.exe
  C:\Windows\System\QOzdmRg.exe
  2⤵
  PID:228
- C:\Windows\System\CsRWDYn.exe
  C:\Windows\System\CsRWDYn.exe
  2⤵
  PID:4464
- C:\Windows\System\fhajCsD.exe
  C:\Windows\System\fhajCsD.exe
  2⤵
  PID:3132
- C:\Windows\System\jxtdfbf.exe
  C:\Windows\System\jxtdfbf.exe
  2⤵
  PID:5112
- C:\Windows\System\KOuAqjI.exe
  C:\Windows\System\KOuAqjI.exe
  2⤵
  PID:4020
- C:\Windows\System\UrcCnQP.exe
  C:\Windows\System\UrcCnQP.exe
  2⤵
  PID:624
- C:\Windows\System\wEaKHst.exe
  C:\Windows\System\wEaKHst.exe
  2⤵
  PID:2848
- C:\Windows\System\vQdbWAT.exe
  C:\Windows\System\vQdbWAT.exe
  2⤵
  PID:2968
- C:\Windows\System\cDhuazw.exe
  C:\Windows\System\cDhuazw.exe
  2⤵
  PID:220
- C:\Windows\System\vRzsSOW.exe
  C:\Windows\System\vRzsSOW.exe
  2⤵
  PID:2044
- C:\Windows\System\cDZcOCG.exe
  C:\Windows\System\cDZcOCG.exe
  2⤵
  PID:5000
- C:\Windows\System\CgLdZOJ.exe
  C:\Windows\System\CgLdZOJ.exe
  2⤵
  PID:3248
- C:\Windows\System\pLiukTS.exe
  C:\Windows\System\pLiukTS.exe
  2⤵
  PID:4916
- C:\Windows\System\gAikHbJ.exe
  C:\Windows\System\gAikHbJ.exe
  2⤵
  PID:1504
- C:\Windows\System\mjZvmyG.exe
  C:\Windows\System\mjZvmyG.exe
  2⤵
  PID:4524
- C:\Windows\System\zhydAGf.exe
  C:\Windows\System\zhydAGf.exe
  2⤵
  PID:5132
- C:\Windows\System\CyaTOeR.exe
  C:\Windows\System\CyaTOeR.exe
  2⤵
  PID:5152
- C:\Windows\System\WeLQKle.exe
  C:\Windows\System\WeLQKle.exe
  2⤵
  PID:5188
- C:\Windows\System\EgkeEJk.exe
  C:\Windows\System\EgkeEJk.exe
  2⤵
  PID:5216
- C:\Windows\System\JEJDZlk.exe
  C:\Windows\System\JEJDZlk.exe
  2⤵
  PID:5244
- C:\Windows\System\uFnllaI.exe
  C:\Windows\System\uFnllaI.exe
  2⤵
  PID:5264
- C:\Windows\System\tKvYcqb.exe
  C:\Windows\System\tKvYcqb.exe
  2⤵
  PID:5300
- C:\Windows\System\lXWQbeQ.exe
  C:\Windows\System\lXWQbeQ.exe
  2⤵
  PID:5328
- C:\Windows\System\TipAWyL.exe
  C:\Windows\System\TipAWyL.exe
  2⤵
  PID:5348
- C:\Windows\System\XLgBhru.exe
  C:\Windows\System\XLgBhru.exe
  2⤵
  PID:5380
- C:\Windows\System\RLEdzXX.exe
  C:\Windows\System\RLEdzXX.exe
  2⤵
  PID:5416
- C:\Windows\System\fIgBiWC.exe
  C:\Windows\System\fIgBiWC.exe
  2⤵
  PID:5448
- C:\Windows\System\kwjycfR.exe
  C:\Windows\System\kwjycfR.exe
  2⤵
  PID:5472
- C:\Windows\System\iCVuuxy.exe
  C:\Windows\System\iCVuuxy.exe
  2⤵
  PID:5492
- C:\Windows\System\eBVRald.exe
  C:\Windows\System\eBVRald.exe
  2⤵
  PID:5528
- C:\Windows\System\zZvwvZp.exe
  C:\Windows\System\zZvwvZp.exe
  2⤵
  PID:5556
- C:\Windows\System\snVnOYY.exe
  C:\Windows\System\snVnOYY.exe
  2⤵
  PID:5584
- C:\Windows\System\DdXfAjH.exe
  C:\Windows\System\DdXfAjH.exe
  2⤵
  PID:5616
- C:\Windows\System\EQMGxEI.exe
  C:\Windows\System\EQMGxEI.exe
  2⤵
  PID:5640
- C:\Windows\System\ZXOdgCw.exe
  C:\Windows\System\ZXOdgCw.exe
  2⤵
  PID:5668
- C:\Windows\System\DVYRuTh.exe
  C:\Windows\System\DVYRuTh.exe
  2⤵
  PID:5692
- C:\Windows\System\fRBkXSB.exe
  C:\Windows\System\fRBkXSB.exe
  2⤵
  PID:5728
- C:\Windows\System\ncBOtvM.exe
  C:\Windows\System\ncBOtvM.exe
  2⤵
  PID:5752
- C:\Windows\System\zvNTsXi.exe
  C:\Windows\System\zvNTsXi.exe
  2⤵
  PID:5780
- C:\Windows\System\VmSPzYL.exe
  C:\Windows\System\VmSPzYL.exe
  2⤵
  PID:5808
- C:\Windows\System\GADJdBE.exe
  C:\Windows\System\GADJdBE.exe
  2⤵
  PID:5836
- C:\Windows\System\ReCmFNG.exe
  C:\Windows\System\ReCmFNG.exe
  2⤵
  PID:5868
- C:\Windows\System\KHBxdYk.exe
  C:\Windows\System\KHBxdYk.exe
  2⤵
  PID:5892
- C:\Windows\System\GcbOBFa.exe
  C:\Windows\System\GcbOBFa.exe
  2⤵
  PID:5920
- C:\Windows\System\LfjcxNn.exe
  C:\Windows\System\LfjcxNn.exe
  2⤵
  PID:5948
- C:\Windows\System\SxwDfCz.exe
  C:\Windows\System\SxwDfCz.exe
  2⤵
  PID:5972
- C:\Windows\System\TbfMXGX.exe
  C:\Windows\System\TbfMXGX.exe
  2⤵
  PID:6020
- C:\Windows\System\TjmDbsN.exe
  C:\Windows\System\TjmDbsN.exe
  2⤵
  PID:6052
- C:\Windows\System\eQjJtcX.exe
  C:\Windows\System\eQjJtcX.exe
  2⤵
  PID:6076
- C:\Windows\System\KBjZdiE.exe
  C:\Windows\System\KBjZdiE.exe
  2⤵
  PID:6104
- C:\Windows\System\pqEQtRi.exe
  C:\Windows\System\pqEQtRi.exe
  2⤵
  PID:6132
- C:\Windows\System\QiejWlC.exe
  C:\Windows\System\QiejWlC.exe
  2⤵
  PID:5144
- C:\Windows\System\MLjUqCd.exe
  C:\Windows\System\MLjUqCd.exe
  2⤵
  PID:5208
- C:\Windows\System\ULJYyye.exe
  C:\Windows\System\ULJYyye.exe
  2⤵
  PID:5276
- C:\Windows\System\ukLbqjs.exe
  C:\Windows\System\ukLbqjs.exe
  2⤵
  PID:5344
- C:\Windows\System\OMxVccX.exe
  C:\Windows\System\OMxVccX.exe
  2⤵
  PID:5400
- C:\Windows\System\afeIcKP.exe
  C:\Windows\System\afeIcKP.exe
  2⤵
  PID:5464
- C:\Windows\System\WZVMtie.exe
  C:\Windows\System\WZVMtie.exe
  2⤵
  PID:768
- C:\Windows\System\mUdbwtm.exe
  C:\Windows\System\mUdbwtm.exe
  2⤵
  PID:5484
- C:\Windows\System\sBaujtP.exe
  C:\Windows\System\sBaujtP.exe
  2⤵
  PID:5568
- C:\Windows\System\OntMUvK.exe
  C:\Windows\System\OntMUvK.exe
  2⤵
  PID:5628
- C:\Windows\System\vHPyqEF.exe
  C:\Windows\System\vHPyqEF.exe
  2⤵
  PID:5684
- C:\Windows\System\iOSltEG.exe
  C:\Windows\System\iOSltEG.exe
  2⤵
  PID:5764
- C:\Windows\System\wutmsEc.exe
  C:\Windows\System\wutmsEc.exe
  2⤵
  PID:5820
- C:\Windows\System\CntLNKA.exe
  C:\Windows\System\CntLNKA.exe
  2⤵
  PID:5880
- C:\Windows\System\kdDvkwT.exe
  C:\Windows\System\kdDvkwT.exe
  2⤵
  PID:5932
- C:\Windows\System\oQhXVnl.exe
  C:\Windows\System\oQhXVnl.exe
  2⤵
  PID:6000
- C:\Windows\System\GjGKvEM.exe
  C:\Windows\System\GjGKvEM.exe
  2⤵
  PID:6060
- C:\Windows\System\umoftXe.exe
  C:\Windows\System\umoftXe.exe
  2⤵
  PID:6116
- C:\Windows\System\dUsmRYd.exe
  C:\Windows\System\dUsmRYd.exe
  2⤵
  PID:5232
- C:\Windows\System\qGfXbUs.exe
  C:\Windows\System\qGfXbUs.exe
  2⤵
  PID:5320
- C:\Windows\System\qBmGSyj.exe
  C:\Windows\System\qBmGSyj.exe
  2⤵
  PID:1976
- C:\Windows\System\WbVvABf.exe
  C:\Windows\System\WbVvABf.exe
  2⤵
  PID:5540
- C:\Windows\System\sBZENzQ.exe
  C:\Windows\System\sBZENzQ.exe
  2⤵
  PID:5720
- C:\Windows\System\gSzjtUB.exe
  C:\Windows\System\gSzjtUB.exe
  2⤵
  PID:5864
- C:\Windows\System\anOiEOi.exe
  C:\Windows\System\anOiEOi.exe
  2⤵
  PID:5968
- C:\Windows\System\cCJIMez.exe
  C:\Windows\System\cCJIMez.exe
  2⤵
  PID:6096
- C:\Windows\System\WjyhEbU.exe
  C:\Windows\System\WjyhEbU.exe
  2⤵
  PID:5424
- C:\Windows\System\fYbXpfG.exe
  C:\Windows\System\fYbXpfG.exe
  2⤵
  PID:5592
- C:\Windows\System\kxodNdx.exe
  C:\Windows\System\kxodNdx.exe
  2⤵
  PID:3944
- C:\Windows\System\dyxwtSA.exe
  C:\Windows\System\dyxwtSA.exe
  2⤵
  PID:6032
- C:\Windows\System\mJtBHIY.exe
  C:\Windows\System\mJtBHIY.exe
  2⤵
  PID:5708
- C:\Windows\System\IRxxKuy.exe
  C:\Windows\System\IRxxKuy.exe
  2⤵
  PID:5288
- C:\Windows\System\ogAGHAq.exe
  C:\Windows\System\ogAGHAq.exe
  2⤵
  PID:5904
- C:\Windows\System\aDrPqqG.exe
  C:\Windows\System\aDrPqqG.exe
  2⤵
  PID:6156
- C:\Windows\System\UHnKrzv.exe
  C:\Windows\System\UHnKrzv.exe
  2⤵
  PID:6184
- C:\Windows\System\yFiLejj.exe
  C:\Windows\System\yFiLejj.exe
  2⤵
  PID:6204
- C:\Windows\System\LHxvhLM.exe
  C:\Windows\System\LHxvhLM.exe
  2⤵
  PID:6244
- C:\Windows\System\oPqmtpJ.exe
  C:\Windows\System\oPqmtpJ.exe
  2⤵
  PID:6276
- C:\Windows\System\TUxsNPG.exe
  C:\Windows\System\TUxsNPG.exe
  2⤵
  PID:6296
- C:\Windows\System\uUyuGpo.exe
  C:\Windows\System\uUyuGpo.exe
  2⤵
  PID:6324
- C:\Windows\System\OqaPUmA.exe
  C:\Windows\System\OqaPUmA.exe
  2⤵
  PID:6360
- C:\Windows\System\eJMolVI.exe
  C:\Windows\System\eJMolVI.exe
  2⤵
  PID:6388
- C:\Windows\System\sEgnILq.exe
  C:\Windows\System\sEgnILq.exe
  2⤵
  PID:6420
- C:\Windows\System\yFadLzR.exe
  C:\Windows\System\yFadLzR.exe
  2⤵
  PID:6448
- C:\Windows\System\XCHgLHk.exe
  C:\Windows\System\XCHgLHk.exe
  2⤵
  PID:6468
- C:\Windows\System\GWvCRgj.exe
  C:\Windows\System\GWvCRgj.exe
  2⤵
  PID:6500
- C:\Windows\System\zMMRQYT.exe
  C:\Windows\System\zMMRQYT.exe
  2⤵
  PID:6528
- C:\Windows\System\nkylpAE.exe
  C:\Windows\System\nkylpAE.exe
  2⤵
  PID:6548
- C:\Windows\System\tVBROeT.exe
  C:\Windows\System\tVBROeT.exe
  2⤵
  PID:6580
- C:\Windows\System\IzosjqF.exe
  C:\Windows\System\IzosjqF.exe
  2⤵
  PID:6620
- C:\Windows\System\eBwYTsu.exe
  C:\Windows\System\eBwYTsu.exe
  2⤵
  PID:6648
- C:\Windows\System\pgIWLYL.exe
  C:\Windows\System\pgIWLYL.exe
  2⤵
  PID:6680
- C:\Windows\System\vTnUzzT.exe
  C:\Windows\System\vTnUzzT.exe
  2⤵
  PID:6696
- C:\Windows\System\cBDdIMN.exe
  C:\Windows\System\cBDdIMN.exe
  2⤵
  PID:6732
- C:\Windows\System\pjUiZAF.exe
  C:\Windows\System\pjUiZAF.exe
  2⤵
  PID:6752
- C:\Windows\System\SLWbHPD.exe
  C:\Windows\System\SLWbHPD.exe
  2⤵
  PID:6780
- C:\Windows\System\bTUiDSO.exe
  C:\Windows\System\bTUiDSO.exe
  2⤵
  PID:6808
- C:\Windows\System\BMyVVuv.exe
  C:\Windows\System\BMyVVuv.exe
  2⤵
  PID:6840
- C:\Windows\System\QmYtPWg.exe
  C:\Windows\System\QmYtPWg.exe
  2⤵
  PID:6872
- C:\Windows\System\rVxUuCN.exe
  C:\Windows\System\rVxUuCN.exe
  2⤵
  PID:6908
- C:\Windows\System\RJNrONJ.exe
  C:\Windows\System\RJNrONJ.exe
  2⤵
  PID:6940
- C:\Windows\System\LzgESwh.exe
  C:\Windows\System\LzgESwh.exe
  2⤵
  PID:6968
- C:\Windows\System\TUeYYNS.exe
  C:\Windows\System\TUeYYNS.exe
  2⤵
  PID:6984
- C:\Windows\System\KteVASe.exe
  C:\Windows\System\KteVASe.exe
  2⤵
  PID:7028
- C:\Windows\System\zoqOJHq.exe
  C:\Windows\System\zoqOJHq.exe
  2⤵
  PID:7056
- C:\Windows\System\MyUvkBF.exe
  C:\Windows\System\MyUvkBF.exe
  2⤵
  PID:7084
- C:\Windows\System\hsdhtpD.exe
  C:\Windows\System\hsdhtpD.exe
  2⤵
  PID:7116
- C:\Windows\System\hmtMHQi.exe
  C:\Windows\System\hmtMHQi.exe
  2⤵
  PID:7132
- C:\Windows\System\oVUjqjP.exe
  C:\Windows\System\oVUjqjP.exe
  2⤵
  PID:6172
- C:\Windows\System\qXjpxdL.exe
  C:\Windows\System\qXjpxdL.exe
  2⤵
  PID:6220
- C:\Windows\System\PzLvMQv.exe
  C:\Windows\System\PzLvMQv.exe
  2⤵
  PID:1236
- C:\Windows\System\HInDziw.exe
  C:\Windows\System\HInDziw.exe
  2⤵
  PID:6440
- C:\Windows\System\LWDqRwx.exe
  C:\Windows\System\LWDqRwx.exe
  2⤵
  PID:6508
- C:\Windows\System\YjaaDjo.exe
  C:\Windows\System\YjaaDjo.exe
  2⤵
  PID:6572
- C:\Windows\System\mJPNdpg.exe
  C:\Windows\System\mJPNdpg.exe
  2⤵
  PID:6628
- C:\Windows\System\pbRaaAr.exe
  C:\Windows\System\pbRaaAr.exe
  2⤵
  PID:6708
- C:\Windows\System\nYEAzHm.exe
  C:\Windows\System\nYEAzHm.exe
  2⤵
  PID:6772
- C:\Windows\System\aXkERsH.exe
  C:\Windows\System\aXkERsH.exe
  2⤵
  PID:6836
- C:\Windows\System\tQVkmxm.exe
  C:\Windows\System\tQVkmxm.exe
  2⤵
  PID:6892
- C:\Windows\System\KwCQoZY.exe
  C:\Windows\System\KwCQoZY.exe
  2⤵
  PID:6952
- C:\Windows\System\MMqyfab.exe
  C:\Windows\System\MMqyfab.exe
  2⤵
  PID:6996
- C:\Windows\System\cVdATCQ.exe
  C:\Windows\System\cVdATCQ.exe
  2⤵
  PID:7040
- C:\Windows\System\HdSnaSX.exe
  C:\Windows\System\HdSnaSX.exe
  2⤵
  PID:7080
- C:\Windows\System\anNklhB.exe
  C:\Windows\System\anNklhB.exe
  2⤵
  PID:7124
- C:\Windows\System\PjJutOu.exe
  C:\Windows\System\PjJutOu.exe
  2⤵
  PID:2592
- C:\Windows\System\DdiDwbJ.exe
  C:\Windows\System\DdiDwbJ.exe
  2⤵
  PID:6372
- C:\Windows\System\cDDMRos.exe
  C:\Windows\System\cDDMRos.exe
  2⤵
  PID:6484
- C:\Windows\System\qGvnzAA.exe
  C:\Windows\System\qGvnzAA.exe
  2⤵
  PID:6664
- C:\Windows\System\RpVkBXs.exe
  C:\Windows\System\RpVkBXs.exe
  2⤵
  PID:6852
- C:\Windows\System\BrfQcVo.exe
  C:\Windows\System\BrfQcVo.exe
  2⤵
  PID:7104
- C:\Windows\System\MfvfCeP.exe
  C:\Windows\System\MfvfCeP.exe
  2⤵
  PID:6920
- C:\Windows\System\iDNDNJE.exe
  C:\Windows\System\iDNDNJE.exe
  2⤵
  PID:7212
- C:\Windows\System\yVNumRD.exe
  C:\Windows\System\yVNumRD.exe
  2⤵
  PID:7256
- C:\Windows\System\DJUVZmG.exe
  C:\Windows\System\DJUVZmG.exe
  2⤵
  PID:7276
- C:\Windows\System\lsXOpMF.exe
  C:\Windows\System\lsXOpMF.exe
  2⤵
  PID:7332
- C:\Windows\System\WuseWOx.exe
  C:\Windows\System\WuseWOx.exe
  2⤵
  PID:7384
- C:\Windows\System\rnUJvkz.exe
  C:\Windows\System\rnUJvkz.exe
  2⤵
  PID:7408
- C:\Windows\System\floDeXo.exe
  C:\Windows\System\floDeXo.exe
  2⤵
  PID:7436
- C:\Windows\System\stGhCbU.exe
  C:\Windows\System\stGhCbU.exe
  2⤵
  PID:7468
- C:\Windows\System\qipeKxQ.exe
  C:\Windows\System\qipeKxQ.exe
  2⤵
  PID:7484
- C:\Windows\System\DDfgHPU.exe
  C:\Windows\System\DDfgHPU.exe
  2⤵
  PID:7520
- C:\Windows\System\wVfTvfW.exe
  C:\Windows\System\wVfTvfW.exe
  2⤵
  PID:7548
- C:\Windows\System\wHOjhKY.exe
  C:\Windows\System\wHOjhKY.exe
  2⤵
  PID:7576
- C:\Windows\System\ypLlkPa.exe
  C:\Windows\System\ypLlkPa.exe
  2⤵
  PID:7608
- C:\Windows\System\vudlZyS.exe
  C:\Windows\System\vudlZyS.exe
  2⤵
  PID:7632
- C:\Windows\System\fhEhozG.exe
  C:\Windows\System\fhEhozG.exe
  2⤵
  PID:7660
- C:\Windows\System\UkBDtDr.exe
  C:\Windows\System\UkBDtDr.exe
  2⤵
  PID:7688
- C:\Windows\System\ZoNaJgP.exe
  C:\Windows\System\ZoNaJgP.exe
  2⤵
  PID:7708
- C:\Windows\System\CGKznck.exe
  C:\Windows\System\CGKznck.exe
  2⤵
  PID:7744
- C:\Windows\System\TSUhEex.exe
  C:\Windows\System\TSUhEex.exe
  2⤵
  PID:7776
- C:\Windows\System\KXsMVdw.exe
  C:\Windows\System\KXsMVdw.exe
  2⤵
  PID:7796
- C:\Windows\System\FKpshxp.exe
  C:\Windows\System\FKpshxp.exe
  2⤵
  PID:7824
- C:\Windows\System\mUKlGqw.exe
  C:\Windows\System\mUKlGqw.exe
  2⤵
  PID:7860
- C:\Windows\System\rBuVDUR.exe
  C:\Windows\System\rBuVDUR.exe
  2⤵
  PID:7884
- C:\Windows\System\TmVgETo.exe
  C:\Windows\System\TmVgETo.exe
  2⤵
  PID:7920
- C:\Windows\System\DAsdPZr.exe
  C:\Windows\System\DAsdPZr.exe
  2⤵
  PID:7948
- C:\Windows\System\iRtjaVy.exe
  C:\Windows\System\iRtjaVy.exe
  2⤵
  PID:7968
- C:\Windows\System\ZUYURMo.exe
  C:\Windows\System\ZUYURMo.exe
  2⤵
  PID:7996
- C:\Windows\System\pKqOKQG.exe
  C:\Windows\System\pKqOKQG.exe
  2⤵
  PID:8024
- C:\Windows\System\iTGekYS.exe
  C:\Windows\System\iTGekYS.exe
  2⤵
  PID:8052
- C:\Windows\System\zMZRmuU.exe
  C:\Windows\System\zMZRmuU.exe
  2⤵
  PID:8080
- C:\Windows\System\AhGDxKg.exe
  C:\Windows\System\AhGDxKg.exe
  2⤵
  PID:8108
- C:\Windows\System\ukzsFlZ.exe
  C:\Windows\System\ukzsFlZ.exe
  2⤵
  PID:8136
- C:\Windows\System\KWPDOGk.exe
  C:\Windows\System\KWPDOGk.exe
  2⤵
  PID:8164
- C:\Windows\System\cHzlIlt.exe
  C:\Windows\System\cHzlIlt.exe
  2⤵
  PID:7220
- C:\Windows\System\jWlbphV.exe
  C:\Windows\System\jWlbphV.exe
  2⤵
  PID:7292
- C:\Windows\System\LlKDpFW.exe
  C:\Windows\System\LlKDpFW.exe
  2⤵
  PID:7372
- C:\Windows\System\ARayiFD.exe
  C:\Windows\System\ARayiFD.exe
  2⤵
  PID:7448
- C:\Windows\System\FkGdllo.exe
  C:\Windows\System\FkGdllo.exe
  2⤵
  PID:7496
- C:\Windows\System\GSrvmCV.exe
  C:\Windows\System\GSrvmCV.exe
  2⤵
  PID:7588
- C:\Windows\System\MTyHSSU.exe
  C:\Windows\System\MTyHSSU.exe
  2⤵
  PID:7644
- C:\Windows\System\GrHUNby.exe
  C:\Windows\System\GrHUNby.exe
  2⤵
  PID:7728
- C:\Windows\System\HaBGoEQ.exe
  C:\Windows\System\HaBGoEQ.exe
  2⤵
  PID:7784
- C:\Windows\System\aPRSvmO.exe
  C:\Windows\System\aPRSvmO.exe
  2⤵
  PID:7852
- C:\Windows\System\QkAWsyp.exe
  C:\Windows\System\QkAWsyp.exe
  2⤵
  PID:7904
- C:\Windows\System\WhbhBdf.exe
  C:\Windows\System\WhbhBdf.exe
  2⤵
  PID:7964
- C:\Windows\System\VyQZNkS.exe
  C:\Windows\System\VyQZNkS.exe
  2⤵
  PID:8036
- C:\Windows\System\bjpZdjq.exe
  C:\Windows\System\bjpZdjq.exe
  2⤵
  PID:8100
- C:\Windows\System\KzdpAEu.exe
  C:\Windows\System\KzdpAEu.exe
  2⤵
  PID:8160
- C:\Windows\System\CcIikMy.exe
  C:\Windows\System\CcIikMy.exe
  2⤵
  PID:7320
- C:\Windows\System\fmZYBvw.exe
  C:\Windows\System\fmZYBvw.exe
  2⤵
  PID:7476
- C:\Windows\System\umvBeqE.exe
  C:\Windows\System\umvBeqE.exe
  2⤵
  PID:7672
- C:\Windows\System\NaHQZOa.exe
  C:\Windows\System\NaHQZOa.exe
  2⤵
  PID:7820
- C:\Windows\System\RkeUaZn.exe
  C:\Windows\System\RkeUaZn.exe
  2⤵
  PID:7932
- C:\Windows\System\NYnacQZ.exe
  C:\Windows\System\NYnacQZ.exe
  2⤵
  PID:8064
- C:\Windows\System\DyDGkEy.exe
  C:\Windows\System\DyDGkEy.exe
  2⤵
  PID:8188
- C:\Windows\System\WSaNrHl.exe
  C:\Windows\System\WSaNrHl.exe
  2⤵
  PID:7616
- C:\Windows\System\NCWEobX.exe
  C:\Windows\System\NCWEobX.exe
  2⤵
  PID:7896
- C:\Windows\System\gVXsgFG.exe
  C:\Windows\System\gVXsgFG.exe
  2⤵
  PID:7400
- C:\Windows\System\sSiGVhV.exe
  C:\Windows\System\sSiGVhV.exe
  2⤵
  PID:8156
- C:\Windows\System\TMaYfeG.exe
  C:\Windows\System\TMaYfeG.exe
  2⤵
  PID:8204
- C:\Windows\System\BSelzbo.exe
  C:\Windows\System\BSelzbo.exe
  2⤵
  PID:8224
- C:\Windows\System\nFoVPUx.exe
  C:\Windows\System\nFoVPUx.exe
  2⤵
  PID:8252
- C:\Windows\System\SsnaHGJ.exe
  C:\Windows\System\SsnaHGJ.exe
  2⤵
  PID:8280
- C:\Windows\System\fvLvWwu.exe
  C:\Windows\System\fvLvWwu.exe
  2⤵
  PID:8316
- C:\Windows\System\ZRryefZ.exe
  C:\Windows\System\ZRryefZ.exe
  2⤵
  PID:8344
- C:\Windows\System\RdPJVJp.exe
  C:\Windows\System\RdPJVJp.exe
  2⤵
  PID:8372
- C:\Windows\System\VeLqHgd.exe
  C:\Windows\System\VeLqHgd.exe
  2⤵
  PID:8392
- C:\Windows\System\vcZuQdA.exe
  C:\Windows\System\vcZuQdA.exe
  2⤵
  PID:8424
- C:\Windows\System\koAFiVM.exe
  C:\Windows\System\koAFiVM.exe
  2⤵
  PID:8448
- C:\Windows\System\lEgcDRy.exe
  C:\Windows\System\lEgcDRy.exe
  2⤵
  PID:8476
- C:\Windows\System\RXYUJwy.exe
  C:\Windows\System\RXYUJwy.exe
  2⤵
  PID:8504
- C:\Windows\System\tUiGTVy.exe
  C:\Windows\System\tUiGTVy.exe
  2⤵
  PID:8532
- C:\Windows\System\RmlczMk.exe
  C:\Windows\System\RmlczMk.exe
  2⤵
  PID:8568
- C:\Windows\System\JNziNqh.exe
  C:\Windows\System\JNziNqh.exe
  2⤵
  PID:8640
- C:\Windows\System\fZlHdCm.exe
  C:\Windows\System\fZlHdCm.exe
  2⤵
  PID:8664
- C:\Windows\System\QqrmdrT.exe
  C:\Windows\System\QqrmdrT.exe
  2⤵
  PID:8696
- C:\Windows\System\PeemKfl.exe
  C:\Windows\System\PeemKfl.exe
  2⤵
  PID:8724
- C:\Windows\System\CuUJPmh.exe
  C:\Windows\System\CuUJPmh.exe
  2⤵
  PID:8744
- C:\Windows\System\UROTxvA.exe
  C:\Windows\System\UROTxvA.exe
  2⤵
  PID:8776
- C:\Windows\System\IlMwFJn.exe
  C:\Windows\System\IlMwFJn.exe
  2⤵
  PID:8796
- C:\Windows\System\iagOLvH.exe
  C:\Windows\System\iagOLvH.exe
  2⤵
  PID:8824
- C:\Windows\System\vjcLXoE.exe
  C:\Windows\System\vjcLXoE.exe
  2⤵
  PID:8856
- C:\Windows\System\Zsxgjtx.exe
  C:\Windows\System\Zsxgjtx.exe
  2⤵
  PID:8884
- C:\Windows\System\rBkCKLg.exe
  C:\Windows\System\rBkCKLg.exe
  2⤵
  PID:8912
- C:\Windows\System\dclgFYm.exe
  C:\Windows\System\dclgFYm.exe
  2⤵
  PID:8940
- C:\Windows\System\rpTUcXb.exe
  C:\Windows\System\rpTUcXb.exe
  2⤵
  PID:8968
- C:\Windows\System\mjRAyOt.exe
  C:\Windows\System\mjRAyOt.exe
  2⤵
  PID:8996
- C:\Windows\System\UwYOIdm.exe
  C:\Windows\System\UwYOIdm.exe
  2⤵
  PID:9032
- C:\Windows\System\UGMXgDB.exe
  C:\Windows\System\UGMXgDB.exe
  2⤵
  PID:9052
- C:\Windows\System\GMisUVe.exe
  C:\Windows\System\GMisUVe.exe
  2⤵
  PID:9080
- C:\Windows\System\IDhoyBN.exe
  C:\Windows\System\IDhoyBN.exe
  2⤵
  PID:9116
- C:\Windows\System\MkRZkEt.exe
  C:\Windows\System\MkRZkEt.exe
  2⤵
  PID:9144
- C:\Windows\System\gYDotsd.exe
  C:\Windows\System\gYDotsd.exe
  2⤵
  PID:9180
- C:\Windows\System\zMSfTAc.exe
  C:\Windows\System\zMSfTAc.exe
  2⤵
  PID:9208
- C:\Windows\System\QKugnwd.exe
  C:\Windows\System\QKugnwd.exe
  2⤵
  PID:8236
- C:\Windows\System\CPnRPae.exe
  C:\Windows\System\CPnRPae.exe
  2⤵
  PID:8304
- C:\Windows\System\IBRjQqC.exe
  C:\Windows\System\IBRjQqC.exe
  2⤵
  PID:8356
- C:\Windows\System\HiWpREN.exe
  C:\Windows\System\HiWpREN.exe
  2⤵
  PID:8416
- C:\Windows\System\eeatRPU.exe
  C:\Windows\System\eeatRPU.exe
  2⤵
  PID:8488
- C:\Windows\System\DdvpvmE.exe
  C:\Windows\System\DdvpvmE.exe
  2⤵
  PID:8552
- C:\Windows\System\zlgWTrE.exe
  C:\Windows\System\zlgWTrE.exe
  2⤵
  PID:8620
- C:\Windows\System\KjGHSso.exe
  C:\Windows\System\KjGHSso.exe
  2⤵
  PID:8704
- C:\Windows\System\FjAiCeB.exe
  C:\Windows\System\FjAiCeB.exe
  2⤵
  PID:8736
- C:\Windows\System\wOyvDGB.exe
  C:\Windows\System\wOyvDGB.exe
  2⤵
  PID:8808
- C:\Windows\System\HewUdWV.exe
  C:\Windows\System\HewUdWV.exe
  2⤵
  PID:8868
- C:\Windows\System\AYMUFYd.exe
  C:\Windows\System\AYMUFYd.exe
  2⤵
  PID:8932
- C:\Windows\System\ohXqlfi.exe
  C:\Windows\System\ohXqlfi.exe
  2⤵
  PID:9008
- C:\Windows\System\nkpwxwa.exe
  C:\Windows\System\nkpwxwa.exe
  2⤵
  PID:9064
- C:\Windows\System\uTxIfjp.exe
  C:\Windows\System\uTxIfjp.exe
  2⤵
  PID:9156
- C:\Windows\System\PtlzaNo.exe
  C:\Windows\System\PtlzaNo.exe
  2⤵
  PID:8216
- C:\Windows\System\PLvKCMs.exe
  C:\Windows\System\PLvKCMs.exe
  2⤵
  PID:8328
- C:\Windows\System\LCZIBiF.exe
  C:\Windows\System\LCZIBiF.exe
  2⤵
  PID:8440
- C:\Windows\System\vunTPVn.exe
  C:\Windows\System\vunTPVn.exe
  2⤵
  PID:5068
- C:\Windows\System\ohYxaby.exe
  C:\Windows\System\ohYxaby.exe
  2⤵
  PID:8764
- C:\Windows\System\cYuZYpj.exe
  C:\Windows\System\cYuZYpj.exe
  2⤵
  PID:8896
- C:\Windows\System\wDRlxst.exe
  C:\Windows\System\wDRlxst.exe
  2⤵
  PID:9044
- C:\Windows\System\NgboLra.exe
  C:\Windows\System\NgboLra.exe
  2⤵
  PID:8264
- C:\Windows\System\pPABDzx.exe
  C:\Windows\System\pPABDzx.exe
  2⤵
  PID:8472
- C:\Windows\System\sDUlEpE.exe
  C:\Windows\System\sDUlEpE.exe
  2⤵
  PID:8732
- C:\Windows\System\mMIWrSj.exe
  C:\Windows\System\mMIWrSj.exe
  2⤵
  PID:9092
- C:\Windows\System\gosEjRN.exe
  C:\Windows\System\gosEjRN.exe
  2⤵
  PID:8852
- C:\Windows\System\fsqMBDS.exe
  C:\Windows\System\fsqMBDS.exe
  2⤵
  PID:6788
- C:\Windows\System\jOTZbAL.exe
  C:\Windows\System\jOTZbAL.exe
  2⤵
  PID:9232
- C:\Windows\System\qbkbpJG.exe
  C:\Windows\System\qbkbpJG.exe
  2⤵
  PID:9268
- C:\Windows\System\mLalgAv.exe
  C:\Windows\System\mLalgAv.exe
  2⤵
  PID:9296
- C:\Windows\System\QIjBKOZ.exe
  C:\Windows\System\QIjBKOZ.exe
  2⤵
  PID:9316
- C:\Windows\System\luBlRFS.exe
  C:\Windows\System\luBlRFS.exe
  2⤵
  PID:9344
- C:\Windows\System\AUMtxlt.exe
  C:\Windows\System\AUMtxlt.exe
  2⤵
  PID:9372
- C:\Windows\System\ChVdAan.exe
  C:\Windows\System\ChVdAan.exe
  2⤵
  PID:9400
- C:\Windows\System\CXMeYvP.exe
  C:\Windows\System\CXMeYvP.exe
  2⤵
  PID:9428
- C:\Windows\System\xSOCZST.exe
  C:\Windows\System\xSOCZST.exe
  2⤵
  PID:9456
- C:\Windows\System\EUjGhei.exe
  C:\Windows\System\EUjGhei.exe
  2⤵
  PID:9484
- C:\Windows\System\kDsxEHw.exe
  C:\Windows\System\kDsxEHw.exe
  2⤵
  PID:9520
- C:\Windows\System\FYQOpyk.exe
  C:\Windows\System\FYQOpyk.exe
  2⤵
  PID:9540
- C:\Windows\System\RebcXvp.exe
  C:\Windows\System\RebcXvp.exe
  2⤵
  PID:9568
- C:\Windows\System\kfxhTmb.exe
  C:\Windows\System\kfxhTmb.exe
  2⤵
  PID:9596
- C:\Windows\System\sZFSpXl.exe
  C:\Windows\System\sZFSpXl.exe
  2⤵
  PID:9624
- C:\Windows\System\YvtKlTq.exe
  C:\Windows\System\YvtKlTq.exe
  2⤵
  PID:9660
- C:\Windows\System\BIrboJv.exe
  C:\Windows\System\BIrboJv.exe
  2⤵
  PID:9680
- C:\Windows\System\brdoDPV.exe
  C:\Windows\System\brdoDPV.exe
  2⤵
  PID:9712
- C:\Windows\System\mgrELCf.exe
  C:\Windows\System\mgrELCf.exe
  2⤵
  PID:9736
- C:\Windows\System\RjDuKDL.exe
  C:\Windows\System\RjDuKDL.exe
  2⤵
  PID:9776
- C:\Windows\System\rmTKiCy.exe
  C:\Windows\System\rmTKiCy.exe
  2⤵
  PID:9796
- C:\Windows\System\ieVEwqQ.exe
  C:\Windows\System\ieVEwqQ.exe
  2⤵
  PID:9832
- C:\Windows\System\mKbTmyB.exe
  C:\Windows\System\mKbTmyB.exe
  2⤵
  PID:9864
- C:\Windows\System\cdtFxDs.exe
  C:\Windows\System\cdtFxDs.exe
  2⤵
  PID:9912
- C:\Windows\System\lZyGIEf.exe
  C:\Windows\System\lZyGIEf.exe
  2⤵
  PID:9972
- C:\Windows\System\gtQENxy.exe
  C:\Windows\System\gtQENxy.exe
  2⤵
  PID:9988
- C:\Windows\System\qrApLyL.exe
  C:\Windows\System\qrApLyL.exe
  2⤵
  PID:10084
- C:\Windows\System\mRInDgX.exe
  C:\Windows\System\mRInDgX.exe
  2⤵
  PID:10116
- C:\Windows\System\jHHdoJO.exe
  C:\Windows\System\jHHdoJO.exe
  2⤵
  PID:10144
- C:\Windows\System\PnpRjql.exe
  C:\Windows\System\PnpRjql.exe
  2⤵
  PID:10184
- C:\Windows\System\cYopaFl.exe
  C:\Windows\System\cYopaFl.exe
  2⤵
  PID:10216
- C:\Windows\System\nrgjlsi.exe
  C:\Windows\System\nrgjlsi.exe
  2⤵
  PID:9224
- C:\Windows\System\nfujxDE.exe
  C:\Windows\System\nfujxDE.exe
  2⤵
  PID:9284
- C:\Windows\System\WNvNzxS.exe
  C:\Windows\System\WNvNzxS.exe
  2⤵
  PID:9356
- C:\Windows\System\rFnmUnh.exe
  C:\Windows\System\rFnmUnh.exe
  2⤵
  PID:9420
- C:\Windows\System\eaEisem.exe
  C:\Windows\System\eaEisem.exe
  2⤵
  PID:9496
- C:\Windows\System\dUHqNxC.exe
  C:\Windows\System\dUHqNxC.exe
  2⤵
  PID:9552
- C:\Windows\System\PuqfMar.exe
  C:\Windows\System\PuqfMar.exe
  2⤵
  PID:9608
- C:\Windows\System\RTbKPoR.exe
  C:\Windows\System\RTbKPoR.exe
  2⤵
  PID:9668
- C:\Windows\System\gqozySZ.exe
  C:\Windows\System\gqozySZ.exe
  2⤵
  PID:9728
- C:\Windows\System\oqzYCJR.exe
  C:\Windows\System\oqzYCJR.exe
  2⤵
  PID:9788
- C:\Windows\System\VYjHmsA.exe
  C:\Windows\System\VYjHmsA.exe
  2⤵
  PID:9880
- C:\Windows\System\fSojjcO.exe
  C:\Windows\System\fSojjcO.exe
  2⤵
  PID:9984
- C:\Windows\System\uBOxQXa.exe
  C:\Windows\System\uBOxQXa.exe
  2⤵
  PID:10092
- C:\Windows\System\tVnSqUl.exe
  C:\Windows\System\tVnSqUl.exe
  2⤵
  PID:10156
- C:\Windows\System\xBPAngy.exe
  C:\Windows\System\xBPAngy.exe
  2⤵
  PID:10236
- C:\Windows\System\vkeUmtm.exe
  C:\Windows\System\vkeUmtm.exe
  2⤵
  PID:4860
- C:\Windows\System\VSdCBjS.exe
  C:\Windows\System\VSdCBjS.exe
  2⤵
  PID:9468
- C:\Windows\System\eBxqNoV.exe
  C:\Windows\System\eBxqNoV.exe
  2⤵
  PID:9580
- C:\Windows\System\SSniIEd.exe
  C:\Windows\System\SSniIEd.exe
  2⤵
  PID:9704
- C:\Windows\System\baJhDTL.exe
  C:\Windows\System\baJhDTL.exe
  2⤵
  PID:9856
- C:\Windows\System\zmXlvKt.exe
  C:\Windows\System\zmXlvKt.exe
  2⤵
  PID:10124
- C:\Windows\System\wtLQqBK.exe
  C:\Windows\System\wtLQqBK.exe
  2⤵
  PID:9812
- C:\Windows\System\ZFzIeeh.exe
  C:\Windows\System\ZFzIeeh.exe
  2⤵
  PID:8612
- C:\Windows\System\fYOCDue.exe
  C:\Windows\System\fYOCDue.exe
  2⤵
  PID:9968
- C:\Windows\System\PVKAGpE.exe
  C:\Windows\System\PVKAGpE.exe
  2⤵
  PID:9508
- C:\Windows\System\WIBBMAg.exe
  C:\Windows\System\WIBBMAg.exe
  2⤵
  PID:9828
- C:\Windows\System\DeTUCrO.exe
  C:\Windows\System\DeTUCrO.exe
  2⤵
  PID:10244
- C:\Windows\System\PunLPhu.exe
  C:\Windows\System\PunLPhu.exe
  2⤵
  PID:10272
- C:\Windows\System\oASEKrO.exe
  C:\Windows\System\oASEKrO.exe
  2⤵
  PID:10300
- C:\Windows\System\tQrfsYK.exe
  C:\Windows\System\tQrfsYK.exe
  2⤵
  PID:10328
- C:\Windows\System\rvsTRkS.exe
  C:\Windows\System\rvsTRkS.exe
  2⤵
  PID:10364
- C:\Windows\System\JNCEMgo.exe
  C:\Windows\System\JNCEMgo.exe
  2⤵
  PID:10388
- C:\Windows\System\SEURWLi.exe
  C:\Windows\System\SEURWLi.exe
  2⤵
  PID:10412
- C:\Windows\System\dQswngH.exe
  C:\Windows\System\dQswngH.exe
  2⤵
  PID:10440
- C:\Windows\System\rNLWdIA.exe
  C:\Windows\System\rNLWdIA.exe
  2⤵
  PID:10468
- C:\Windows\System\TRlHbIi.exe
  C:\Windows\System\TRlHbIi.exe
  2⤵
  PID:10496
- C:\Windows\System\oqPxeQe.exe
  C:\Windows\System\oqPxeQe.exe
  2⤵
  PID:10524
- C:\Windows\System\sgSqmbT.exe
  C:\Windows\System\sgSqmbT.exe
  2⤵
  PID:10552
- C:\Windows\System\RCYgAIk.exe
  C:\Windows\System\RCYgAIk.exe
  2⤵
  PID:10580
- C:\Windows\System\fprAUCo.exe
  C:\Windows\System\fprAUCo.exe
  2⤵
  PID:10608
- C:\Windows\System\fZiQmcx.exe
  C:\Windows\System\fZiQmcx.exe
  2⤵
  PID:10636
- C:\Windows\System\RhVaZIa.exe
  C:\Windows\System\RhVaZIa.exe
  2⤵
  PID:10664
- C:\Windows\System\cmtaKER.exe
  C:\Windows\System\cmtaKER.exe
  2⤵
  PID:10692
- C:\Windows\System\ErJbOHP.exe
  C:\Windows\System\ErJbOHP.exe
  2⤵
  PID:10720
- C:\Windows\System\FHgYMLn.exe
  C:\Windows\System\FHgYMLn.exe
  2⤵
  PID:10752
- C:\Windows\System\JaLkItP.exe
  C:\Windows\System\JaLkItP.exe
  2⤵
  PID:10776
- C:\Windows\System\jTVRLCs.exe
  C:\Windows\System\jTVRLCs.exe
  2⤵
  PID:10808
- C:\Windows\System\pGZnwTl.exe
  C:\Windows\System\pGZnwTl.exe
  2⤵
  PID:10836
- C:\Windows\System\bWhUdDL.exe
  C:\Windows\System\bWhUdDL.exe
  2⤵
  PID:10860
- C:\Windows\System\aCNvJRz.exe
  C:\Windows\System\aCNvJRz.exe
  2⤵
  PID:10892
- C:\Windows\System\pLGSiZN.exe
  C:\Windows\System\pLGSiZN.exe
  2⤵
  PID:10924
- C:\Windows\System\OLKwTMa.exe
  C:\Windows\System\OLKwTMa.exe
  2⤵
  PID:10944
- C:\Windows\System\DYzOaBT.exe
  C:\Windows\System\DYzOaBT.exe
  2⤵
  PID:10972
- C:\Windows\System\bgmfOgw.exe
  C:\Windows\System\bgmfOgw.exe
  2⤵
  PID:11004
- C:\Windows\System\ZAEIOOu.exe
  C:\Windows\System\ZAEIOOu.exe
  2⤵
  PID:11032
- C:\Windows\System\GgOCDuN.exe
  C:\Windows\System\GgOCDuN.exe
  2⤵
  PID:11076
- C:\Windows\System\DbvxbVQ.exe
  C:\Windows\System\DbvxbVQ.exe
  2⤵
  PID:11104
- C:\Windows\System\ggrEmTH.exe
  C:\Windows\System\ggrEmTH.exe
  2⤵
  PID:11120
- C:\Windows\System\wgENRAZ.exe
  C:\Windows\System\wgENRAZ.exe
  2⤵
  PID:11148
- C:\Windows\System\MXRBxzh.exe
  C:\Windows\System\MXRBxzh.exe
  2⤵
  PID:11176
- C:\Windows\System\BDZqoKa.exe
  C:\Windows\System\BDZqoKa.exe
  2⤵
  PID:11204
- C:\Windows\System\dPTjxke.exe
  C:\Windows\System\dPTjxke.exe
  2⤵
  PID:11232
- C:\Windows\System\HOhlltz.exe
  C:\Windows\System\HOhlltz.exe
  2⤵
  PID:11260
- C:\Windows\System\zjUCKEA.exe
  C:\Windows\System\zjUCKEA.exe
  2⤵
  PID:10292
- C:\Windows\System\BDVXBtO.exe
  C:\Windows\System\BDVXBtO.exe
  2⤵
  PID:10352
- C:\Windows\System\VbLJRZh.exe
  C:\Windows\System\VbLJRZh.exe
  2⤵
  PID:10432
- C:\Windows\System\vwKHHTt.exe
  C:\Windows\System\vwKHHTt.exe
  2⤵
  PID:10520
- C:\Windows\System\uvBePwc.exe
  C:\Windows\System\uvBePwc.exe
  2⤵
  PID:10600
- C:\Windows\System\DfBEThr.exe
  C:\Windows\System\DfBEThr.exe
  2⤵
  PID:10648
- C:\Windows\System\jHaVFsL.exe
  C:\Windows\System\jHaVFsL.exe
  2⤵
  PID:10712
- C:\Windows\System\iqikgIc.exe
  C:\Windows\System\iqikgIc.exe
  2⤵
  PID:5088
- C:\Windows\System\drlYvaj.exe
  C:\Windows\System\drlYvaj.exe
  2⤵
  PID:10816
- C:\Windows\System\GGcOlqC.exe
  C:\Windows\System\GGcOlqC.exe
  2⤵
  PID:10880
- C:\Windows\System\hoYRcYX.exe
  C:\Windows\System\hoYRcYX.exe
  2⤵
  PID:10940
- C:\Windows\System\LZjIOan.exe
  C:\Windows\System\LZjIOan.exe
  2⤵
  PID:11016
- C:\Windows\System\ocWCqTP.exe
  C:\Windows\System\ocWCqTP.exe
  2⤵
  PID:11056
- C:\Windows\System\eBfbQbi.exe
  C:\Windows\System\eBfbQbi.exe
  2⤵
  PID:11132
- C:\Windows\System\mTlvphy.exe
  C:\Windows\System\mTlvphy.exe
  2⤵
  PID:11200
- C:\Windows\System\zdncilY.exe
  C:\Windows\System\zdncilY.exe
  2⤵
  PID:11252
- C:\Windows\System\mcsbzOM.exe
  C:\Windows\System\mcsbzOM.exe
  2⤵
  PID:10348
- C:\Windows\System\HRxTgIn.exe
  C:\Windows\System\HRxTgIn.exe
  2⤵
  PID:3380
- C:\Windows\System\DQTCnDa.exe
  C:\Windows\System\DQTCnDa.exe
  2⤵
  PID:4892
- C:\Windows\System\kngYPkx.exe
  C:\Windows\System\kngYPkx.exe
  2⤵
  PID:6320
- C:\Windows\System\JRjoyaS.exe
  C:\Windows\System\JRjoyaS.exe
  2⤵
  PID:10632
- C:\Windows\System\DlYbGcY.exe
  C:\Windows\System\DlYbGcY.exe
  2⤵
  PID:10744
- C:\Windows\System\vLRsGcc.exe
  C:\Windows\System\vLRsGcc.exe
  2⤵
  PID:10872
- C:\Windows\System\BJMRKdU.exe
  C:\Windows\System\BJMRKdU.exe
  2⤵
  PID:11044
- C:\Windows\System\nQaakgL.exe
  C:\Windows\System\nQaakgL.exe
  2⤵
  PID:11172
- C:\Windows\System\etdkpeX.exe
  C:\Windows\System\etdkpeX.exe
  2⤵
  PID:10268
- C:\Windows\System\jvIxwlL.exe
  C:\Windows\System\jvIxwlL.exe
  2⤵
  PID:6264
- C:\Windows\System\gAGsdip.exe
  C:\Windows\System\gAGsdip.exe
  2⤵
  PID:10620
- C:\Windows\System\JDNnCtZ.exe
  C:\Windows\System\JDNnCtZ.exe
  2⤵
  PID:3176
- C:\Windows\System\SgTiXLS.exe
  C:\Windows\System\SgTiXLS.exe
  2⤵
  PID:10968
- C:\Windows\System\HyLSqJx.exe
  C:\Windows\System\HyLSqJx.exe
  2⤵
  PID:10404
- C:\Windows\System\yqCrrVg.exe
  C:\Windows\System\yqCrrVg.exe
  2⤵
  PID:3276
- C:\Windows\System\SssXqXh.exe
  C:\Windows\System\SssXqXh.exe
  2⤵
  PID:10992
- C:\Windows\System\LIAQGyW.exe
  C:\Windows\System\LIAQGyW.exe
  2⤵
  PID:4656
- C:\Windows\System\vdpaThl.exe
  C:\Windows\System\vdpaThl.exe
  2⤵
  PID:4056
- C:\Windows\System\kedwmtF.exe
  C:\Windows\System\kedwmtF.exe
  2⤵
  PID:11284
- C:\Windows\System\VnWCFri.exe
  C:\Windows\System\VnWCFri.exe
  2⤵
  PID:11312
- C:\Windows\System\kWmtfXh.exe
  C:\Windows\System\kWmtfXh.exe
  2⤵
  PID:11340
- C:\Windows\System\tjUQOgQ.exe
  C:\Windows\System\tjUQOgQ.exe
  2⤵
  PID:11368
- C:\Windows\System\kQKJlOj.exe
  C:\Windows\System\kQKJlOj.exe
  2⤵
  PID:11396
- C:\Windows\System\PWNmgWj.exe
  C:\Windows\System\PWNmgWj.exe
  2⤵
  PID:11424
- C:\Windows\System\iPfILrL.exe
  C:\Windows\System\iPfILrL.exe
  2⤵
  PID:11452
- C:\Windows\System\czUyNQQ.exe
  C:\Windows\System\czUyNQQ.exe
  2⤵
  PID:11480
- C:\Windows\System\zzcxtKW.exe
  C:\Windows\System\zzcxtKW.exe
  2⤵
  PID:11508
- C:\Windows\System\GvMfPuW.exe
  C:\Windows\System\GvMfPuW.exe
  2⤵
  PID:11536
- C:\Windows\System\cllZoyY.exe
  C:\Windows\System\cllZoyY.exe
  2⤵
  PID:11564
- C:\Windows\System\fSVzwBB.exe
  C:\Windows\System\fSVzwBB.exe
  2⤵
  PID:11592
- C:\Windows\System\UIMvSMq.exe
  C:\Windows\System\UIMvSMq.exe
  2⤵
  PID:11620
- C:\Windows\System\KudgwcH.exe
  C:\Windows\System\KudgwcH.exe
  2⤵
  PID:11648
- C:\Windows\System\RxYPDek.exe
  C:\Windows\System\RxYPDek.exe
  2⤵
  PID:11676
- C:\Windows\System\DnnyeVF.exe
  C:\Windows\System\DnnyeVF.exe
  2⤵
  PID:11708
- C:\Windows\System\mxUnijD.exe
  C:\Windows\System\mxUnijD.exe
  2⤵
  PID:11736
- C:\Windows\System\mrIRiEI.exe
  C:\Windows\System\mrIRiEI.exe
  2⤵
  PID:11764
- C:\Windows\System\tDueITN.exe
  C:\Windows\System\tDueITN.exe
  2⤵
  PID:11792
- C:\Windows\System\wybKFZS.exe
  C:\Windows\System\wybKFZS.exe
  2⤵
  PID:11820
- C:\Windows\System\JWCXAof.exe
  C:\Windows\System\JWCXAof.exe
  2⤵
  PID:11848
- C:\Windows\System\tSKdFOb.exe
  C:\Windows\System\tSKdFOb.exe
  2⤵
  PID:11876
- C:\Windows\System\TJvOcxs.exe
  C:\Windows\System\TJvOcxs.exe
  2⤵
  PID:11904
- C:\Windows\System\ziBJBwx.exe
  C:\Windows\System\ziBJBwx.exe
  2⤵
  PID:11948
- C:\Windows\System\nJJfuwT.exe
  C:\Windows\System\nJJfuwT.exe
  2⤵
  PID:11964
- C:\Windows\System\LDXymKe.exe
  C:\Windows\System\LDXymKe.exe
  2⤵
  PID:11992
- C:\Windows\System\XQrNBVH.exe
  C:\Windows\System\XQrNBVH.exe
  2⤵
  PID:12024
- C:\Windows\System\grZrxVz.exe
  C:\Windows\System\grZrxVz.exe
  2⤵
  PID:12048
- C:\Windows\System\QBGUjzm.exe
  C:\Windows\System\QBGUjzm.exe
  2⤵
  PID:12076
- C:\Windows\System\iCUjqkY.exe
  C:\Windows\System\iCUjqkY.exe
  2⤵
  PID:12104
- C:\Windows\System\oncsNFm.exe
  C:\Windows\System\oncsNFm.exe
  2⤵
  PID:12132
- C:\Windows\System\KVkrCPE.exe
  C:\Windows\System\KVkrCPE.exe
  2⤵
  PID:12160
- C:\Windows\System\fGVWZpL.exe
  C:\Windows\System\fGVWZpL.exe
  2⤵
  PID:12188
- C:\Windows\System\rxRERQw.exe
  C:\Windows\System\rxRERQw.exe
  2⤵
  PID:12216
- C:\Windows\System\MnrFakB.exe
  C:\Windows\System\MnrFakB.exe
  2⤵
  PID:12244
- C:\Windows\System\CmjvZSZ.exe
  C:\Windows\System\CmjvZSZ.exe
  2⤵
  PID:12272
- C:\Windows\System\VHpVvtB.exe
  C:\Windows\System\VHpVvtB.exe
  2⤵
  PID:11296
- C:\Windows\System\BCgWYEP.exe
  C:\Windows\System\BCgWYEP.exe
  2⤵
  PID:4436
- C:\Windows\System\aXuugUu.exe
  C:\Windows\System\aXuugUu.exe
  2⤵
  PID:11408
- C:\Windows\System\pRWbkPY.exe
  C:\Windows\System\pRWbkPY.exe
  2⤵
  PID:11464
- C:\Windows\System\otcJTUX.exe
  C:\Windows\System\otcJTUX.exe
  2⤵
  PID:11504
- C:\Windows\System\aSHutZo.exe
  C:\Windows\System\aSHutZo.exe
  2⤵
  PID:11576
- C:\Windows\System\NfLMUoZ.exe
  C:\Windows\System\NfLMUoZ.exe
  2⤵
  PID:11640
- C:\Windows\System\sBYmDpW.exe
  C:\Windows\System\sBYmDpW.exe
  2⤵
  PID:11700
- C:\Windows\System\mKlwZxF.exe
  C:\Windows\System\mKlwZxF.exe
  2⤵
  PID:11760
- C:\Windows\System\APTmuuV.exe
  C:\Windows\System\APTmuuV.exe
  2⤵
  PID:4316
- C:\Windows\System\rFCVOUY.exe
  C:\Windows\System\rFCVOUY.exe
  2⤵
  PID:11888
- C:\Windows\System\emVFZlc.exe
  C:\Windows\System\emVFZlc.exe
  2⤵
  PID:11928
- C:\Windows\System\draNwYA.exe
  C:\Windows\System\draNwYA.exe
  2⤵
  PID:12012
- C:\Windows\System\cpYYdDt.exe
  C:\Windows\System\cpYYdDt.exe
  2⤵
  PID:12068
- C:\Windows\System\hwqNial.exe
  C:\Windows\System\hwqNial.exe
  2⤵
  PID:12128
- C:\Windows\System\PRdKAyW.exe
  C:\Windows\System\PRdKAyW.exe
  2⤵
  PID:12200
- C:\Windows\System\VKmEVLb.exe
  C:\Windows\System\VKmEVLb.exe
  2⤵
  PID:12264
- C:\Windows\System\NCVhqDu.exe
  C:\Windows\System\NCVhqDu.exe
  2⤵
  PID:11324
- C:\Windows\System\iueKDJp.exe
  C:\Windows\System\iueKDJp.exe
  2⤵
  PID:11436
- C:\Windows\System\zMggupd.exe
  C:\Windows\System\zMggupd.exe
  2⤵
  PID:11532
- C:\Windows\System\dpAfIqS.exe
  C:\Windows\System\dpAfIqS.exe
  2⤵
  PID:11688
- C:\Windows\System\FyNBUcI.exe
  C:\Windows\System\FyNBUcI.exe
  2⤵
  PID:396
- C:\Windows\System\gCsFdMU.exe
  C:\Windows\System\gCsFdMU.exe
  2⤵
  PID:11816
- C:\Windows\System\XZiOEyH.exe
  C:\Windows\System\XZiOEyH.exe
  2⤵
  PID:11944
- C:\Windows\System\hKDYEQH.exe
  C:\Windows\System\hKDYEQH.exe
  2⤵
  PID:12060
- C:\Windows\System\uaTCRPo.exe
  C:\Windows\System\uaTCRPo.exe
  2⤵
  PID:3976
- C:\Windows\System\RxucxHm.exe
  C:\Windows\System\RxucxHm.exe
  2⤵
  PID:11280
- C:\Windows\System\wkukYuO.exe
  C:\Windows\System\wkukYuO.exe
  2⤵
  PID:11500
- C:\Windows\System\IZwXctf.exe
  C:\Windows\System\IZwXctf.exe
  2⤵
  PID:11728
- C:\Windows\System\BuRWOIq.exe
  C:\Windows\System\BuRWOIq.exe
  2⤵
  PID:11900
- C:\Windows\System\apCVhrL.exe
  C:\Windows\System\apCVhrL.exe
  2⤵
  PID:12284
- C:\Windows\System\fnIwSTt.exe
  C:\Windows\System\fnIwSTt.exe
  2⤵
  PID:4740
- C:\Windows\System\QnaMOia.exe
  C:\Windows\System\QnaMOia.exe
  2⤵
  PID:12116
- C:\Windows\System\ePUUdXQ.exe
  C:\Windows\System\ePUUdXQ.exe
  2⤵
  PID:6272
- C:\Windows\System\eGaFXlu.exe
  C:\Windows\System\eGaFXlu.exe
  2⤵
  PID:11872
- C:\Windows\System\FTspTkk.exe
  C:\Windows\System\FTspTkk.exe
  2⤵
  PID:12308
- C:\Windows\System\KCeIJNu.exe
  C:\Windows\System\KCeIJNu.exe
  2⤵
  PID:12344
- C:\Windows\System\RPuoTzK.exe
  C:\Windows\System\RPuoTzK.exe
  2⤵
  PID:12368
- C:\Windows\System\KJdTBFQ.exe
  C:\Windows\System\KJdTBFQ.exe
  2⤵
  PID:12396
- C:\Windows\System\GvuHQsc.exe
  C:\Windows\System\GvuHQsc.exe
  2⤵
  PID:12424
- C:\Windows\System\OhxLbln.exe
  C:\Windows\System\OhxLbln.exe
  2⤵
  PID:12452
- C:\Windows\System\ZgdhqZP.exe
  C:\Windows\System\ZgdhqZP.exe
  2⤵
  PID:12488
- C:\Windows\System\PZUsNnN.exe
  C:\Windows\System\PZUsNnN.exe
  2⤵
  PID:12508
- C:\Windows\System\mWNpxfJ.exe
  C:\Windows\System\mWNpxfJ.exe
  2⤵
  PID:12536
- C:\Windows\System\bKSkMWP.exe
  C:\Windows\System\bKSkMWP.exe
  2⤵
  PID:12564
- C:\Windows\System\kTfwczn.exe
  C:\Windows\System\kTfwczn.exe
  2⤵
  PID:12592
- C:\Windows\System\NUutWyl.exe
  C:\Windows\System\NUutWyl.exe
  2⤵
  PID:12620
- C:\Windows\System\OVmnfwU.exe
  C:\Windows\System\OVmnfwU.exe
  2⤵
  PID:12648
- C:\Windows\System\GpVfEJg.exe
  C:\Windows\System\GpVfEJg.exe
  2⤵
  PID:12676
- C:\Windows\System\TudIAPA.exe
  C:\Windows\System\TudIAPA.exe
  2⤵
  PID:12704
- C:\Windows\System\cpSBEPF.exe
  C:\Windows\System\cpSBEPF.exe
  2⤵
  PID:12732
- C:\Windows\System\EriKtlK.exe
  C:\Windows\System\EriKtlK.exe
  2⤵
  PID:12768
- C:\Windows\System\NlBzIwv.exe
  C:\Windows\System\NlBzIwv.exe
  2⤵
  PID:12788
- C:\Windows\System\PsEkREs.exe
  C:\Windows\System\PsEkREs.exe
  2⤵
  PID:12816
- C:\Windows\System\MMozXsi.exe
  C:\Windows\System\MMozXsi.exe
  2⤵
  PID:12848
- C:\Windows\System\AkRQUkP.exe
  C:\Windows\System\AkRQUkP.exe
  2⤵
  PID:12912
- C:\Windows\System\SONwcYk.exe
  C:\Windows\System\SONwcYk.exe
  2⤵
  PID:12944
- C:\Windows\System\DHEvIAK.exe
  C:\Windows\System\DHEvIAK.exe
  2⤵
  PID:12968
- C:\Windows\System\RZRkXYO.exe
  C:\Windows\System\RZRkXYO.exe
  2⤵
  PID:13012
- C:\Windows\System\fOVVETm.exe
  C:\Windows\System\fOVVETm.exe
  2⤵
  PID:13048
- C:\Windows\System\yPXozkW.exe
  C:\Windows\System\yPXozkW.exe
  2⤵
  PID:13076
- C:\Windows\System\qEnESfg.exe
  C:\Windows\System\qEnESfg.exe
  2⤵
  PID:13104
- C:\Windows\System\MFcrPcC.exe
  C:\Windows\System\MFcrPcC.exe
  2⤵
  PID:13136
- C:\Windows\System\DGnBAne.exe
  C:\Windows\System\DGnBAne.exe
  2⤵
  PID:13164
- C:\Windows\System\RsKhVFC.exe
  C:\Windows\System\RsKhVFC.exe
  2⤵
  PID:13192
- C:\Windows\System\DACsKjx.exe
  C:\Windows\System\DACsKjx.exe
  2⤵
  PID:13220
- C:\Windows\System\mVuwuKT.exe
  C:\Windows\System\mVuwuKT.exe
  2⤵
  PID:13252
- C:\Windows\System\kAvwAsT.exe
  C:\Windows\System\kAvwAsT.exe
  2⤵
  PID:13284
- C:\Windows\System\gcIOiQm.exe
  C:\Windows\System\gcIOiQm.exe
  2⤵
  PID:12320
- C:\Windows\System\GlJYuGq.exe
  C:\Windows\System\GlJYuGq.exe
  2⤵
  PID:12380
- C:\Windows\System\OdHdGxR.exe
  C:\Windows\System\OdHdGxR.exe
  2⤵
  PID:12444
- C:\Windows\System\QpmPAbD.exe
  C:\Windows\System\QpmPAbD.exe
  2⤵
  PID:12504
- C:\Windows\System\zsVHKHv.exe
  C:\Windows\System\zsVHKHv.exe
  2⤵
  PID:12560
- C:\Windows\System\VFxxawU.exe
  C:\Windows\System\VFxxawU.exe
  2⤵
  PID:12632
- C:\Windows\System\EVaZoeV.exe
  C:\Windows\System\EVaZoeV.exe
  2⤵
  PID:12696
- C:\Windows\System\OaTDYNh.exe
  C:\Windows\System\OaTDYNh.exe
  2⤵
  PID:12784
- C:\Windows\System\RZguqVa.exe
  C:\Windows\System\RZguqVa.exe
  2⤵
  PID:12828
- C:\Windows\System\RpqmvAv.exe
  C:\Windows\System\RpqmvAv.exe
  2⤵
  PID:4992
- C:\Windows\System\rMQqHug.exe
  C:\Windows\System\rMQqHug.exe
  2⤵
  PID:12920
- C:\Windows\System\HcPtCSJ.exe
  C:\Windows\System\HcPtCSJ.exe
  2⤵
  PID:1544
- C:\Windows\System\PzPhbvW.exe
  C:\Windows\System\PzPhbvW.exe
  2⤵
  PID:13068
- C:\Windows\System\OcZQpuM.exe
  C:\Windows\System\OcZQpuM.exe
  2⤵
  PID:2956
- C:\Windows\System\EoCCtjs.exe
  C:\Windows\System\EoCCtjs.exe
  2⤵
  PID:13156
- C:\Windows\System\GMzDobc.exe
  C:\Windows\System\GMzDobc.exe
  2⤵
  PID:13204
- C:\Windows\System\hkThNGp.exe
  C:\Windows\System\hkThNGp.exe
  2⤵
  PID:3228
- C:\Windows\System\JxnkixU.exe
  C:\Windows\System\JxnkixU.exe
  2⤵
  PID:13296
- C:\Windows\System\MvGyslo.exe
  C:\Windows\System\MvGyslo.exe
  2⤵
  PID:12352
- C:\Windows\System\cpvkVla.exe
  C:\Windows\System\cpvkVla.exe
  2⤵
  PID:1152
- C:\Windows\System\CLFHBum.exe
  C:\Windows\System\CLFHBum.exe
  2⤵
  PID:12588
- C:\Windows\System\lKxsCAy.exe
  C:\Windows\System\lKxsCAy.exe
  2⤵
  PID:12744
- C:\Windows\System\ceeSvvi.exe
  C:\Windows\System\ceeSvvi.exe
  2⤵
  PID:3440
- C:\Windows\System\XigWrTU.exe
  C:\Windows\System\XigWrTU.exe
  2⤵
  PID:5092
- C:\Windows\System\LbvkfSo.exe
  C:\Windows\System\LbvkfSo.exe
  2⤵
  PID:13024
- C:\Windows\System\KNKBXEW.exe
  C:\Windows\System\KNKBXEW.exe
  2⤵
  PID:3476
- C:\Windows\System\gvmsBzi.exe
  C:\Windows\System\gvmsBzi.exe
  2⤵
  PID:1076
- C:\Windows\System\WHHuoVv.exe
  C:\Windows\System\WHHuoVv.exe
  2⤵
  PID:12332
- C:\Windows\System\RyQomBq.exe
  C:\Windows\System\RyQomBq.exe
  2⤵
  PID:4456
- C:\Windows\System\gGnCsxj.exe
  C:\Windows\System\gGnCsxj.exe
  2⤵
  PID:2656
- C:\Windows\System\zSwszWM.exe
  C:\Windows\System\zSwszWM.exe
  2⤵
  PID:12980
- C:\Windows\System\qJHYKcC.exe
  C:\Windows\System\qJHYKcC.exe
  2⤵
  PID:4644
- C:\Windows\System\fkFPWNc.exe
  C:\Windows\System\fkFPWNc.exe
  2⤵
  PID:12612
- C:\Windows\System\pRteWbR.exe
  C:\Windows\System\pRteWbR.exe
  2⤵
  PID:12960
- C:\Windows\System\QDKTncl.exe
  C:\Windows\System\QDKTncl.exe
  2⤵
  PID:2472
- C:\Windows\System\eRMEjGf.exe
  C:\Windows\System\eRMEjGf.exe
  2⤵
  PID:12472
- C:\Windows\System\hzAoIxZ.exe
  C:\Windows\System\hzAoIxZ.exe
  2⤵
  PID:13340
- C:\Windows\System\EBmFEjR.exe
  C:\Windows\System\EBmFEjR.exe
  2⤵
  PID:13368
- C:\Windows\System\uyXnGmP.exe
  C:\Windows\System\uyXnGmP.exe
  2⤵
  PID:13396
- C:\Windows\System\JMHUJQH.exe
  C:\Windows\System\JMHUJQH.exe
  2⤵
  PID:13424
- C:\Windows\System\ThwBCdB.exe
  C:\Windows\System\ThwBCdB.exe
  2⤵
  PID:13452
- C:\Windows\System\rbllBpu.exe
  C:\Windows\System\rbllBpu.exe
  2⤵
  PID:13480
- C:\Windows\System\sweAGRn.exe
  C:\Windows\System\sweAGRn.exe
  2⤵
  PID:13508
- C:\Windows\System\yYXddxP.exe
  C:\Windows\System\yYXddxP.exe
  2⤵
  PID:13536
- C:\Windows\System\QdvcsdK.exe
  C:\Windows\System\QdvcsdK.exe
  2⤵
  PID:13564
- C:\Windows\System\MkVbUZK.exe
  C:\Windows\System\MkVbUZK.exe
  2⤵
  PID:13592
- C:\Windows\System\aBXZLNF.exe
  C:\Windows\System\aBXZLNF.exe
  2⤵
  PID:13620
- C:\Windows\System\hKsbrmA.exe
  C:\Windows\System\hKsbrmA.exe
  2⤵
  PID:13648
- C:\Windows\System\bAWsbxC.exe
  C:\Windows\System\bAWsbxC.exe
  2⤵
  PID:13676
- C:\Windows\System\UNksMFl.exe
  C:\Windows\System\UNksMFl.exe
  2⤵
  PID:13708
- C:\Windows\System\kuigPUT.exe
  C:\Windows\System\kuigPUT.exe
  2⤵
  PID:13732
- C:\Windows\System\VOHfjvg.exe
  C:\Windows\System\VOHfjvg.exe
  2⤵
  PID:13760
- C:\Windows\System\dLzpfbr.exe
  C:\Windows\System\dLzpfbr.exe
  2⤵
  PID:13796
- C:\Windows\System\ArhsTZj.exe
  C:\Windows\System\ArhsTZj.exe
  2⤵
  PID:13820
- C:\Windows\System\aqAUVZf.exe
  C:\Windows\System\aqAUVZf.exe
  2⤵
  PID:13860
- C:\Windows\System\edeXjTJ.exe
  C:\Windows\System\edeXjTJ.exe
  2⤵
  PID:13876
- C:\Windows\System\taKNLEE.exe
  C:\Windows\System\taKNLEE.exe
  2⤵
  PID:13904
- C:\Windows\System\xIvxiYE.exe
  C:\Windows\System\xIvxiYE.exe
  2⤵
  PID:13940
- C:\Windows\System\kiybBRF.exe
  C:\Windows\System\kiybBRF.exe
  2⤵
  PID:13960
- C:\Windows\System\JzZGeOk.exe
  C:\Windows\System\JzZGeOk.exe
  2⤵
  PID:13988
- C:\Windows\System\LeeCTnU.exe
  C:\Windows\System\LeeCTnU.exe
  2⤵
  PID:14016
- C:\Windows\System\tUVyFHF.exe
  C:\Windows\System\tUVyFHF.exe
  2⤵
  PID:14044
- C:\Windows\System\kPcMKez.exe
  C:\Windows\System\kPcMKez.exe
  2⤵
  PID:14072
- C:\Windows\System\faZUyog.exe
  C:\Windows\System\faZUyog.exe
  2⤵
  PID:14100
- C:\Windows\System\rVNGlgj.exe
  C:\Windows\System\rVNGlgj.exe
  2⤵
  PID:14132
- C:\Windows\System\vRqvrJA.exe
  C:\Windows\System\vRqvrJA.exe
  2⤵
  PID:14160
- C:\Windows\System\bBMiFTQ.exe
  C:\Windows\System\bBMiFTQ.exe
  2⤵
  PID:14188
- C:\Windows\System\QFVaggY.exe
  C:\Windows\System\QFVaggY.exe
  2⤵
  PID:14216
- C:\Windows\System\IKPnPEN.exe
  C:\Windows\System\IKPnPEN.exe
  2⤵
  PID:14244
- C:\Windows\System\KJLjDeJ.exe
  C:\Windows\System\KJLjDeJ.exe
  2⤵
  PID:14272
- C:\Windows\System\CCjWAPG.exe
  C:\Windows\System\CCjWAPG.exe
  2⤵
  PID:14300
- C:\Windows\System\UltWxxt.exe
  C:\Windows\System\UltWxxt.exe
  2⤵
  PID:13184
- C:\Windows\System\MSyypvR.exe
  C:\Windows\System\MSyypvR.exe
  2⤵
  PID:13360
- C:\Windows\System\uCfeMuu.exe
  C:\Windows\System\uCfeMuu.exe
  2⤵
  PID:13388
- C:\Windows\System\gkhrihB.exe
  C:\Windows\System\gkhrihB.exe
  2⤵
  PID:13448
- C:\Windows\System\RwXGTtD.exe
  C:\Windows\System\RwXGTtD.exe
  2⤵
  PID:13520
- C:\Windows\System\elJEIOS.exe
  C:\Windows\System\elJEIOS.exe
  2⤵
  PID:13548
- C:\Windows\System\XQVCGKA.exe
  C:\Windows\System\XQVCGKA.exe
  2⤵
  PID:13612
- C:\Windows\System\jeYPOsS.exe
  C:\Windows\System\jeYPOsS.exe
  2⤵
  PID:13672
- C:\Windows\System\drTKkhe.exe
  C:\Windows\System\drTKkhe.exe
  2⤵
  PID:2636
- C:\Windows\System\bmOLfnG.exe
  C:\Windows\System\bmOLfnG.exe
  2⤵
  PID:13772
- C:\Windows\System\vtrJOJk.exe
  C:\Windows\System\vtrJOJk.exe
  2⤵
  PID:4296
- C:\Windows\System\sCYcgjf.exe
  C:\Windows\System\sCYcgjf.exe
  2⤵
  PID:13896
- C:\Windows\System\pBrwRGp.exe
  C:\Windows\System\pBrwRGp.exe
  2⤵
  PID:1740
- C:\Windows\System\HwOTQzY.exe
  C:\Windows\System\HwOTQzY.exe
  2⤵
  PID:14000
- C:\Windows\System\zxriDZi.exe
  C:\Windows\System\zxriDZi.exe
  2⤵
  PID:14040
- C:\Windows\System\sUsKAuj.exe
  C:\Windows\System\sUsKAuj.exe
  2⤵
  PID:14112
- C:\Windows\System\ardbfil.exe
  C:\Windows\System\ardbfil.exe
  2⤵
  PID:14200
- C:\Windows\System\NjOqnQz.exe
  C:\Windows\System\NjOqnQz.exe
  2⤵
  PID:14240
- C:\Windows\System\DJBtjKO.exe
  C:\Windows\System\DJBtjKO.exe
  2⤵
  PID:14296
- C:\Windows\System\APiOZkc.exe
  C:\Windows\System\APiOZkc.exe
  2⤵
  PID:13380
- C:\Windows\System\yEolWms.exe
  C:\Windows\System\yEolWms.exe
  2⤵
  PID:13500
- C:\Windows\System\vKgKJPt.exe
  C:\Windows\System\vKgKJPt.exe
  2⤵
  PID:13604
- C:\Windows\System\uDlTsXQ.exe
  C:\Windows\System\uDlTsXQ.exe
  2⤵
  PID:13728
- C:\Windows\System\ZyHBRxv.exe
  C:\Windows\System\ZyHBRxv.exe
  2⤵
  PID:13868
- C:\Windows\System\yyrCnRe.exe
  C:\Windows\System\yyrCnRe.exe
  2⤵
  PID:13980
- C:\Windows\System\EIolwJb.exe
  C:\Windows\System\EIolwJb.exe
  2⤵
  PID:14096
- C:\Windows\System\evvzNBt.exe
  C:\Windows\System\evvzNBt.exe
  2⤵
  PID:14212
- C:\Windows\System\gtWIHBd.exe
  C:\Windows\System\gtWIHBd.exe
  2⤵
  PID:4536
- C:\Windows\System\nDJYIya.exe
  C:\Windows\System\nDJYIya.exe
  2⤵
  PID:13528
- C:\Windows\System\dtCHZPz.exe
  C:\Windows\System\dtCHZPz.exe
  2⤵
  PID:13832
- C:\Windows\System\eJOxQFF.exe
  C:\Windows\System\eJOxQFF.exe
  2⤵
  PID:13956
- C:\Windows\System\ePcjSJg.exe
  C:\Windows\System\ePcjSJg.exe
  2⤵
  PID:14092
- C:\Windows\System\aYGCqfr.exe
  C:\Windows\System\aYGCqfr.exe
  2⤵
  PID:2436
- C:\Windows\System\JzupdiJ.exe
  C:\Windows\System\JzupdiJ.exe
  2⤵
  PID:4824
- C:\Windows\System\bdNDGZV.exe
  C:\Windows\System\bdNDGZV.exe
  2⤵
  PID:14172
- C:\Windows\System\LTmynFD.exe
  C:\Windows\System\LTmynFD.exe
  2⤵
  PID:1380
- C:\Windows\System\qgWwBui.exe
  C:\Windows\System\qgWwBui.exe
  2⤵
  PID:4068
- C:\Windows\System\Ehfcvnn.exe
  C:\Windows\System\Ehfcvnn.exe
  2⤵
  PID:14068
- C:\Windows\System\kqlhVXr.exe
  C:\Windows\System\kqlhVXr.exe
  2⤵
  PID:14352
- C:\Windows\System\etRUtRm.exe
  C:\Windows\System\etRUtRm.exe
  2⤵
  PID:14384
- C:\Windows\System\dcZoZtB.exe
  C:\Windows\System\dcZoZtB.exe
  2⤵
  PID:14412
- C:\Windows\System\HJXwIuq.exe
  C:\Windows\System\HJXwIuq.exe
  2⤵
  PID:14440
- C:\Windows\System\nMZOegz.exe
  C:\Windows\System\nMZOegz.exe
  2⤵
  PID:14476
- C:\Windows\System\nnfdsMP.exe
  C:\Windows\System\nnfdsMP.exe
  2⤵
  PID:14496
- C:\Windows\System\oJjkYTV.exe
  C:\Windows\System\oJjkYTV.exe
  2⤵
  PID:14524
- C:\Windows\System\dYnpiBq.exe
  C:\Windows\System\dYnpiBq.exe
  2⤵
  PID:14552
- C:\Windows\System\IZJYvzS.exe
  C:\Windows\System\IZJYvzS.exe
  2⤵
  PID:14592
- C:\Windows\System\BFWrKtX.exe
  C:\Windows\System\BFWrKtX.exe
  2⤵
  PID:14608
- C:\Windows\System\cHUMfHb.exe
  C:\Windows\System\cHUMfHb.exe
  2⤵
  PID:14636
- C:\Windows\System\KUxuXws.exe
  C:\Windows\System\KUxuXws.exe
  2⤵
  PID:14664
- C:\Windows\System\FRdIFMc.exe
  C:\Windows\System\FRdIFMc.exe
  2⤵
  PID:14692
- C:\Windows\System\GRcwUud.exe
  C:\Windows\System\GRcwUud.exe
  2⤵
  PID:14724
- C:\Windows\System\bMcIPMR.exe
  C:\Windows\System\bMcIPMR.exe
  2⤵
  PID:14752
- C:\Windows\System\mQbIrAC.exe
  C:\Windows\System\mQbIrAC.exe
  2⤵
  PID:14780
- C:\Windows\System\azMfFjj.exe
  C:\Windows\System\azMfFjj.exe
  2⤵
  PID:14808
- C:\Windows\System\uRgiGkw.exe
  C:\Windows\System\uRgiGkw.exe
  2⤵
  PID:14844
- C:\Windows\System\VLzVsGs.exe
  C:\Windows\System\VLzVsGs.exe
  2⤵
  PID:14864
- C:\Windows\System\tFKaGwK.exe
  C:\Windows\System\tFKaGwK.exe
  2⤵
  PID:14892
- C:\Windows\System\kRIFfjF.exe
  C:\Windows\System\kRIFfjF.exe
  2⤵
  PID:14920
- C:\Windows\System\nTJetdh.exe
  C:\Windows\System\nTJetdh.exe
  2⤵
  PID:14948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DGHtKRz.exe

Filesize
6.0MB

MD5
db0e6fce054e9a59cf8fc589b5b9ffb7

SHA1
65610f1c1cde18a6289bde150b370d5b119d6960

SHA256
bf5e586e00f130925944ee557cf717504dcc4f6ed13f70951ce4f6f2ab1ee4d3

SHA512
9b668f78d0ccf9a0e3dbb28e1dccaa38f380e9386f8beb424b517e667c0fce2c4787da91dca8a50467094c18c5ee1ac9d6b5b95d2316fc9e348806da16bd4916

Download Submit
C:\Windows\System\DNloTeX.exe

Filesize
6.0MB

MD5
63851f421a0018ab4ce17f5373d52908

SHA1
05dcb369447c6748f20a3fd853c579fa7b90ab29

SHA256
8b36212ab327119fe904386b2f5044af5ff75d2fb2357e6172c56352c854059c

SHA512
21be553f0810683f14469d5103a9cdb269449e816d0f66bbfa917b60c697d8dc384a3fd12e95526904869463689107f67c3a8fdb8e2dc4b411ae227ba483d696

Download Submit
C:\Windows\System\DbUhKCq.exe

Filesize
6.0MB

MD5
eaf6d850de1385cd7165a6bcdfccc618

SHA1
4b9954b46e255f4783ce5d301b0c68d59597b879

SHA256
5127cca82a2f3f220e6d5ec06522bb8da1296758e0af104a8c5255bd29e97a20

SHA512
1750bd494bf3a6cd9c7d21cce4fbaf2fa3ef0a48ed3a0603298fc5db4b4f76e2c550399b6af03b3f626871e037bfb5196b01afda2a19d88e2567f80d8fb9177d

Download Submit
C:\Windows\System\FAvEPby.exe

Filesize
6.0MB

MD5
a54e8be4a730f6130ade54411eb7bf04

SHA1
d35fc0d3975def1d50424c28c5d73ac79b8e52d4

SHA256
dbe90367a122162f02f5cc733f8a95b6685d6153c44680241efb119dcf7ba7e9

SHA512
5bed51957086b3cbee8d86ba4262abbdb7f2fa7199e1a5238418e6dab08aa50f04508a7eef4adc02d8d93fd05bda3ae935d4862182e0f9f85cdfaa8fc739d22b

Download Submit
C:\Windows\System\GjJenrz.exe

Filesize
6.0MB

MD5
1a5378bc55ee18fc455a32340a1e6abe

SHA1
40bd6b1a0d1f8ea2e6189e3b8843110e7da97664

SHA256
50a07fc20df87e5fa3d6172cfe3d0761d6587f29e211461265339edeb7a023c3

SHA512
75df70f07c777607e7b4a5724959e63aec680e90188817403faf9d227274de4f35dbde90443c3f38df350c8ab57d50cd1bc283a7cc9c10943ffa50670da214ac

Download Submit
C:\Windows\System\ItcQFyo.exe

Filesize
6.0MB

MD5
de2a62875a8247474c46964692a17d4c

SHA1
9b2089141ccaca24224e3c6a857330bd0e9af717

SHA256
9aae79947ce46a634de0e0e65b7d8f916b0804e98d4ea1b5c29afc62b3a6abca

SHA512
1e7a4095d1649f74c3dbd5cc5f2e0c3753ef52c28b398a7e15e65de9ae02befa74cf24c3142fbfc3735b550012e2600a805c372e6625757a1f3872e787665558

Download Submit
C:\Windows\System\JdNPYlr.exe

Filesize
6.0MB

MD5
e282f17c8cf1d2159a3bac3a4e4c9918

SHA1
52258acbc085c2f5a56c9f4877ac72db87a2d723

SHA256
c88836382d6980ebcef31955f42ca866c358ff73c0137cac0d42f1eeff6ea636

SHA512
ddd2934994a71c3dd877e7e85e8ccf5ca1da83840b9d069626c283ce9514f27d239f88015db6f35b5f1d3d6c4c67c6e12ae0c59652a1728ebae3bf9d6d2711c8

Download Submit
C:\Windows\System\KIMTocW.exe

Filesize
6.0MB

MD5
c95f39fd56a04a0242f3c2fc91af6e7f

SHA1
55a03692871ed4874575d1bf7836f89d8253da11

SHA256
e0bfea994c3f7caf9f7cca238dc16bc2ac637570995b2001cfa6af2539ff2c1d

SHA512
a759605ada1b74b30d7ef0cad481c8ba44ee4995b7d8b119c9f7e5e05838b2c8805e9e7168d04548e20b46b59b7f4f14f14ea9e97e4af5daf1266edee3e94121

Download Submit
C:\Windows\System\KREhcYV.exe

Filesize
6.0MB

MD5
1a5039211b9f9e4b45ff9637a7881303

SHA1
b4b34a67cf22a5c906f519e7e9c0c0ed862fa1c7

SHA256
200ac3868a4a0255d855457207c093b17bac5c17ba0b78af104c8b588cca3ebc

SHA512
13ea9a7bdea7fbae27b8aa1ad895ac725bdd5ce847a99228d622f62bb735415e239f9b7ada71a49333387db4cf33b2eb9f8b8bc470b9d4919f6d471ee9820075

Download Submit
C:\Windows\System\PpxQwfm.exe

Filesize
6.0MB

MD5
ab681b75deb6884fc0e3af15c7558d5d

SHA1
67adf5cc22cd8cfc89bf2ec1920e4ab1656fe297

SHA256
0fcd2096c185efa2fc3bc18b36710f0ef8f43765522d7dcd160f494b3c53d95b

SHA512
988da7f20e06b4fff639a2d54b49e89ff21a702abafac4c39aea76ec3ffbb83842dd42d681470a79d6b3fd993e7e2e9c9ac09de800182436b8dc5d218b4a01a9

Download Submit
C:\Windows\System\RftweSd.exe

Filesize
6.0MB

MD5
6a42da1b90c5b8fb258af55120869448

SHA1
412af1887f87ba9e7c6ad60806186c775ec7d3c6

SHA256
48dc871c08ac5aace331b2971c02a3770fe89842b589fd7c3eb6f39b3d31fe0e

SHA512
70ffc24983a3413b8964e9ae51a1efc738298baac8fb27e5ef9bd081f0d5240024ac1c3e48436856f37d7efa16421450715c0857b6ff6085e9b7adebe83b7796

Download Submit
C:\Windows\System\SEeHWJi.exe

Filesize
6.0MB

MD5
98c61055cf4f89490163c5b5f473e7b5

SHA1
73c8a97113782b341a7d499643fdecc7978595cf

SHA256
1efce882343950083dc4a5f562b3126c10f1a0cf25b3710d888884f114836a97

SHA512
3a3db5c5224d7708676a9900ca120b8057bfdced8463c5c9a75f0b6f3900737897d29abe6c269836471f6dd14cce5979ba51d17f77190c846ae79120fc71c5e4

Download Submit
C:\Windows\System\SxyisjO.exe

Filesize
6.0MB

MD5
d9320e323ee0510369400a311c4b56df

SHA1
712dc0f035fcbdc83543ce184fff06fd5a5ab072

SHA256
dc7b5dc39dd491c5ac73ff56449d130eab4058986d28d40291d02b333c0a8156

SHA512
dcdb019a2f20af899c7a905d58e42a8f0e05ff67898caae8421cfee023fa4c70a66223890b38006279ad414058a0e3d7350a53ad6d9a994e87b0f85eb44e82ef

Download Submit
C:\Windows\System\VAIYWOw.exe

Filesize
6.0MB

MD5
ffb23f85014aa3f6b0910aa09b1efdce

SHA1
63e328e677ac8285caf19844c865f7fcc7f63d0d

SHA256
822888e2796e304d983e2869683078ecb220ca14391247dbd888eec9e4bca453

SHA512
640510fe132bef80391473ef25ccd4d5fe4f89538c91a15415ae8a730553c83d2d150faa14343357f714f3c34c84aea636eb67354642bc844db541485364598c

Download Submit
C:\Windows\System\XOariHO.exe

Filesize
6.0MB

MD5
93468ff4ee1838481c6c1a72640e26b7

SHA1
7051417be77fede3e96a956de229ffd28efdcb0b

SHA256
b3d41bebbd370a03292de606788c8a6eeaa32f9f27d13a3f9d126c5c3aff3112

SHA512
24876f3536a8ed963cf4b64f9e1b3a674d9b3d8ca497ddc0a50265e999c456e22fb89a96a88f1b947bd680471654836638f6d7525ca150e91c3dd7d0f0d2bdbf

Download Submit
C:\Windows\System\XjBQVQU.exe

Filesize
6.0MB

MD5
863994441260114f7d97c7cb406cff32

SHA1
850507ed7737b53c25534fa0d403e23a99d32bd0

SHA256
53121841220a1330c29a75435f6d0e0fba878cb93c526ff274105bc751ac0c2e

SHA512
21915f0a0b12ab8b2a2a1a7ec2db897e41e6b218764344107879114977af57eaa3ea8ca51d8d72eea1287d70ae6895123ec3e7661eff0ad14e24128c9d3d46a6

Download Submit
C:\Windows\System\dngmDhr.exe

Filesize
6.0MB

MD5
20b8f4dd6ec1b8bc0e852868032398b8

SHA1
f6a05f77e2f50c09f2573544506c8f253ec2404b

SHA256
7b9d14c88fb3ed5222542381c4109b91739a08fbb3a19492a87a35361460ef21

SHA512
d29ce99a72f9f5637f9828c8dcfa076f52026102b456507e768845c46ff9f0efcdd4b4605cf7fdd736c22757f9b0cafa06e2bd2cde8346283b26ef2883867552

Download Submit
C:\Windows\System\eaIKEjy.exe

Filesize
6.0MB

MD5
a63ec91cd5b2ac8a6ee6f9a88387d4af

SHA1
8381679cd26eeb0b3ed9498a5763e79dbe9f02c6

SHA256
c2a1f8b63c7c20d5acb7c0ab7f99cb7d6d91fc36e68f8ed9ea3cb7722cd0dd81

SHA512
2887f5e663a14725f6cd07e88dca0ec88032f1a3b416e3316f34cf51941fea8bd0d086b8e2a2c9cc7ea137db923ad26e5c184ab1aaec14b21e229fcddaae34e4

Download Submit
C:\Windows\System\kaVJUFL.exe

Filesize
6.0MB

MD5
4c713a9e3122ada76c2c817f13692737

SHA1
c6c6becf734bce47888edd3834724f8b9318dd89

SHA256
9321c6f53cf578c0bae96bcf2fe5c4c0de7dd7e2a8f444e728a0c46919798839

SHA512
bf020d2eb2324deb75918192bf7b6ba76b5fa529093dd7259dda119567ad027d7225bb74fb56802409bedec47c48ce9554ef78e369be48a1dc363b9acbf779ec

Download Submit
C:\Windows\System\lSFznaj.exe

Filesize
6.0MB

MD5
5c0da7c93a241b50bd31c3837a1b5c27

SHA1
84d9d36338560a94e0279aae6ae1f80617d857ce

SHA256
1f5d82c2d54939dfdaeabc581245761bda674377da2196311ddad93d2e684980

SHA512
dc543d0edb5212ef3281c84a6c746e68537507854f2456a38a83fbc70be69d88ffd03be83f71a90706d148d3fa927fc15932ca76dfd135609e7a106fe6e5a7cc

Download Submit
C:\Windows\System\mcIZoCA.exe

Filesize
6.0MB

MD5
4ecf69cf4840e0ecab6d21772bd74902

SHA1
0d4e5f89b02ebec5580ad9b8f6d33938a10a04d3

SHA256
aa150f100d56b3782ecdb58799f8bfef54524e1ecaa2e54a7fbbbd1adeacc9a1

SHA512
37d20c06a47737b025c4dcd4429cc38a1614ccf83d0ea198fc5c3d07573a54e013981c0d607c07b2d90a506e8c18fa49cbd11ef7df1a3ccbfd36a21531204cbe

Download Submit
C:\Windows\System\mrUUMlt.exe

Filesize
6.0MB

MD5
617c44ea948cf7005bed0badbc140425

SHA1
3c2450db718d3fd88e0c364e7a6a30979b2c34bd

SHA256
78b8cfa4b88d8b4a98dc5dfff512fd932c99bee809892e4d3c858b9f0fd2e907

SHA512
5590a37bd5bfa3126603a7495977bdb93362db45844b5194a21e507c162fcc7c533e8fb793360d849d569e39cbd7201025d0f8803b3464a54039350b7bfb284f

Download Submit
C:\Windows\System\nNEAnxh.exe

Filesize
6.0MB

MD5
1427adfd378679981dda9a58ea513c52

SHA1
590c5448685ac26b1cac6596804675b040a1168e

SHA256
a9f7d16bace4c1960f06f273aa1cf6a480503fe43805b6b40104344e207fb0aa

SHA512
00712540ed56acaec84cf9357a527bc624ad2c503714ed27823a30c69b9a34fc208c0626651f393c62a142cbad33b391890dfafe8995219fdfb2fbbc11b222a5

Download Submit
C:\Windows\System\nvwKSkB.exe

Filesize
6.0MB

MD5
03ccec76dbd6b404887b9eb8f61e84ba

SHA1
f4441577e773ebd859a0a2e2d99607b24aaab2e4

SHA256
4a47230ce1ac71687df0342a9b4a0d03e38ce0363e90a0eb2966ab9ba18fd1b6

SHA512
4cacfaa115a78cf366d6a87f35609ffb78ad7ff83d3f26b1569f12406ce5463453a928a7a96a05f43cd2ca6b0301621a40f386a632c27ba7c068062c36353fce

Download Submit
C:\Windows\System\pNjSBWo.exe

Filesize
6.0MB

MD5
2ff891c981c6da6902481bdf4ddc0233

SHA1
22a73bec955037ba88936ca35c9c2b66a8925bf6

SHA256
304f30b72acc4bbbd7a860931f85db1d60e5f35be411276a492bb8f0986ff4b6

SHA512
855e408d87910a91a8f4068beadbbe13eb878c6fdf0f198789df5273cf2d43dceeec86db2a5f1a676d9db648caccfca2bdf9b4723f014d416a18947a16e1a62e

Download Submit
C:\Windows\System\pkRqYFA.exe

Filesize
6.0MB

MD5
a6c12df1e1cdcb4ff7f96a05a4d64be1

SHA1
2743a67224181e0bf49aeccf9e9700e261fc0304

SHA256
db7f959206d5f5bacddde5eb80adaf1b5c69ef49ebd2613111424de09cb716ca

SHA512
e41be761103b577de5b11b4a0307ca019fc7554d52ecdc6c59bc177f0ebafb57762be7b01616aea5431b8fe1b92250a2bfcee59560a0494a82f1380a1d682872

Download Submit
C:\Windows\System\qhevqzl.exe

Filesize
6.0MB

MD5
a94dccf26fe6509bf11bc967449771d3

SHA1
6abebe2730d603b202a7b49dea97557081921cd1

SHA256
568e2b9bfb945bf996a071f17bc036d06f0f3a657506ea02c45499f6283e02f0

SHA512
1a5559ab463d89aff51664d3310490984f54fa875962a85173ce250b657993f1c7ec0cb0862488cd280f3f4ad89a089c5acdc6bcbeee87ca41e91326359cb034

Download Submit
C:\Windows\System\sOqQtnY.exe

Filesize
6.0MB

MD5
1cb1a316414773ef812ffdf1f3992160

SHA1
23684fa7a80d045fb33c7b50e041902c05c46210

SHA256
39a9a938ea97becdf613f8daa198ce599ff1fca15b92f763d00b5a62e1ff4af9

SHA512
9733094e1daa3aa0b7a07299fc9ba2a1bbcf13eb40f482efeaa056165141d56df2df0bf24f85dc51c9523644541c32da35bec6e503b4ae7bd6fead8e8cb2b691

Download Submit
C:\Windows\System\uIWQMAZ.exe

Filesize
6.0MB

MD5
279ebc1836443a4bd39cc67b3cb1718b

SHA1
8f567046b5f217b561f2a399f4a23093470173be

SHA256
554589cb365e91411b2660e3872ad1f9d96e25a26ef62bf6d0801b35e8d6535a

SHA512
f3268c25b18f575fd7434c0633e4044af23b70320528d590b7be7082bc3007b8521457c6f6f832c9f923beda06c43233747bba7e831de65ad24180923d676647

Download Submit
C:\Windows\System\vZLlzwh.exe

Filesize
6.0MB

MD5
d32da7d7e92e011ff59501cc9aaf1dd1

SHA1
13ef1d29628ecc274f901d98399f8d6c3586ea10

SHA256
303cfffe7aa459ab01928308dc50559b2f3dc843461b64496f07d9302c6e8705

SHA512
2f1b7339cf72ef15fa3f0ac744bf182e6fc51079f249d3d4dcc8d3fe9413d8c884275910e6c600e020893eede653ae1cfb765e57fade16a3fd07b3c1ca7292d8

Download Submit
C:\Windows\System\wABODTT.exe

Filesize
6.0MB

MD5
25a22c32b23e501285d483cbd4e71b05

SHA1
5af686722c46aa110201ffab1420289a52b46c76

SHA256
a3ec45c78d212c119fa0d6c1184e707fc92bfce2b430ed1baed84c847c0c73d1

SHA512
226e29e9fc5564c29eb455299f4443f7135c359e462e456e714129a9eff65a0766a4c4fc3295efca31822214080b26e73f01faf04260b8e9444505059a91cab7

Download Submit
C:\Windows\System\xjQDODG.exe

Filesize
6.0MB

MD5
13aa3dbeb4aba71b708c4c7adebc29bd

SHA1
ebb465a05c1897dc98dd3a588536cb86f8083be0

SHA256
f30bb05aa04c462471ed8ad3b9e3c343d9867da6abed6fad0bb241fe655f3ac1

SHA512
81ac197a3f5b016a8e11bddf0ec5b741e1764ce896e5c85fd00568d54de83a712b4040e13a0965063d802b5c8833cf01aecd16c925aa7e04108cbacf754fdd4a

Download Submit
memory/212-56-0x00007FF72A7F0000-0x00007FF72AB44000-memory.dmp

Filesize
3.3MB

Download
memory/212-135-0x00007FF72A7F0000-0x00007FF72AB44000-memory.dmp

Filesize
3.3MB

Download
memory/212-2260-0x00007FF72A7F0000-0x00007FF72AB44000-memory.dmp

Filesize
3.3MB

Download
memory/348-668-0x00007FF727BE0000-0x00007FF727F34000-memory.dmp

Filesize
3.3MB

Download
memory/348-175-0x00007FF727BE0000-0x00007FF727F34000-memory.dmp

Filesize
3.3MB

Download
memory/348-2278-0x00007FF727BE0000-0x00007FF727F34000-memory.dmp

Filesize
3.3MB

Download
memory/812-279-0x00007FF730270000-0x00007FF7305C4000-memory.dmp

Filesize
3.3MB

Download
memory/812-111-0x00007FF730270000-0x00007FF7305C4000-memory.dmp

Filesize
3.3MB

Download
memory/812-2268-0x00007FF730270000-0x00007FF7305C4000-memory.dmp

Filesize
3.3MB

Download
memory/1036-63-0x00007FF71EB30000-0x00007FF71EE84000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2261-0x00007FF71EB30000-0x00007FF71EE84000-memory.dmp

Filesize
3.3MB

Download
memory/1336-85-0x00007FF72C200000-0x00007FF72C554000-memory.dmp

Filesize
3.3MB

Download
memory/1336-2264-0x00007FF72C200000-0x00007FF72C554000-memory.dmp

Filesize
3.3MB

Download
memory/1376-70-0x00007FF745AC0000-0x00007FF745E14000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2262-0x00007FF745AC0000-0x00007FF745E14000-memory.dmp

Filesize
3.3MB

Download
memory/1412-105-0x00007FF719B20000-0x00007FF719E74000-memory.dmp

Filesize
3.3MB

Download
memory/1412-226-0x00007FF719B20000-0x00007FF719E74000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2267-0x00007FF719B20000-0x00007FF719E74000-memory.dmp

Filesize
3.3MB

Download
memory/1604-647-0x00007FF78DE30000-0x00007FF78E184000-memory.dmp

Filesize
3.3MB

Download
memory/1604-174-0x00007FF78DE30000-0x00007FF78E184000-memory.dmp

Filesize
3.3MB

Download
memory/1604-2279-0x00007FF78DE30000-0x00007FF78E184000-memory.dmp

Filesize
3.3MB

Download
memory/1612-586-0x00007FF62F010000-0x00007FF62F364000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2277-0x00007FF62F010000-0x00007FF62F364000-memory.dmp

Filesize
3.3MB

Download
memory/1612-172-0x00007FF62F010000-0x00007FF62F364000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2258-0x00007FF76F5A0000-0x00007FF76F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-44-0x00007FF76F5A0000-0x00007FF76F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-176-0x00007FF71AE00000-0x00007FF71B154000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2265-0x00007FF71AE00000-0x00007FF71B154000-memory.dmp

Filesize
3.3MB

Download
memory/1728-89-0x00007FF71AE00000-0x00007FF71B154000-memory.dmp

Filesize
3.3MB

Download
memory/1820-129-0x00007FF722A60000-0x00007FF722DB4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-2269-0x00007FF722A60000-0x00007FF722DB4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2275-0x00007FF783A50000-0x00007FF783DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-523-0x00007FF783A50000-0x00007FF783DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-166-0x00007FF783A50000-0x00007FF783DA4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2256-0x00007FF76BE90000-0x00007FF76C1E4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-95-0x00007FF76BE90000-0x00007FF76C1E4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-32-0x00007FF76BE90000-0x00007FF76C1E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-134-0x00007FF693540000-0x00007FF693894000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2270-0x00007FF693540000-0x00007FF693894000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2259-0x00007FF6AEA30000-0x00007FF6AED84000-memory.dmp

Filesize
3.3MB

Download
memory/2488-122-0x00007FF6AEA30000-0x00007FF6AED84000-memory.dmp

Filesize
3.3MB

Download
memory/2488-50-0x00007FF6AEA30000-0x00007FF6AED84000-memory.dmp

Filesize
3.3MB

Download
memory/2744-153-0x00007FF7EA6E0000-0x00007FF7EAA34000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2273-0x00007FF7EA6E0000-0x00007FF7EAA34000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2254-0x00007FF703C80000-0x00007FF703FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-83-0x00007FF703C80000-0x00007FF703FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-20-0x00007FF703C80000-0x00007FF703FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2257-0x00007FF74F520000-0x00007FF74F874000-memory.dmp

Filesize
3.3MB

Download
memory/3372-103-0x00007FF74F520000-0x00007FF74F874000-memory.dmp

Filesize
3.3MB

Download
memory/3372-37-0x00007FF74F520000-0x00007FF74F874000-memory.dmp

Filesize
3.3MB

Download
memory/3436-69-0x00007FF60E4F0000-0x00007FF60E844000-memory.dmp

Filesize
3.3MB

Download
memory/3436-8-0x00007FF60E4F0000-0x00007FF60E844000-memory.dmp

Filesize
3.3MB

Download
memory/3500-156-0x00007FF78CFF0000-0x00007FF78D344000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2276-0x00007FF78CFF0000-0x00007FF78D344000-memory.dmp

Filesize
3.3MB

Download
memory/3500-522-0x00007FF78CFF0000-0x00007FF78D344000-memory.dmp

Filesize
3.3MB

Download
memory/3596-2272-0x00007FF6427D0000-0x00007FF642B24000-memory.dmp

Filesize
3.3MB

Download
memory/3596-147-0x00007FF6427D0000-0x00007FF642B24000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2263-0x00007FF7BDCB0000-0x00007FF7BE004000-memory.dmp

Filesize
3.3MB

Download
memory/3660-78-0x00007FF7BDCB0000-0x00007FF7BE004000-memory.dmp

Filesize
3.3MB

Download
memory/3716-2280-0x00007FF70A390000-0x00007FF70A6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-185-0x00007FF70A390000-0x00007FF70A6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-684-0x00007FF70A390000-0x00007FF70A6E4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-1-0x00000270DFFA0000-0x00000270DFFB0000-memory.dmp

Filesize
64KB

Download
memory/4416-0-0x00007FF7EDF60000-0x00007FF7EE2B4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-62-0x00007FF7EDF60000-0x00007FF7EE2B4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-26-0x00007FF711F90000-0x00007FF7122E4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-87-0x00007FF711F90000-0x00007FF7122E4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2255-0x00007FF711F90000-0x00007FF7122E4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-140-0x00007FF746E80000-0x00007FF7471D4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2271-0x00007FF746E80000-0x00007FF7471D4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-154-0x00007FF6D4FD0000-0x00007FF6D5324000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2274-0x00007FF6D4FD0000-0x00007FF6D5324000-memory.dmp

Filesize
3.3MB

Download
memory/4920-96-0x00007FF6495C0000-0x00007FF649914000-memory.dmp

Filesize
3.3MB

Download
memory/4920-184-0x00007FF6495C0000-0x00007FF649914000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2266-0x00007FF6495C0000-0x00007FF649914000-memory.dmp

Filesize
3.3MB

Download
memory/5036-76-0x00007FF6684C0000-0x00007FF668814000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2253-0x00007FF6684C0000-0x00007FF668814000-memory.dmp

Filesize
3.3MB

Download
memory/5036-14-0x00007FF6684C0000-0x00007FF668814000-memory.dmp

Filesize
3.3MB

Download